Systems Engineer Sr – Automation – Opsware SAS / HP SA Next Step Systems US-PA-Philadelphia Post A Job | Post A Resume

http://security.gentoo.org

Severity: High
Title: ipsec-tools contains an X.509 certificates vulnerability.
Date: April 07, 2004
Bugs: #47013
ID: 200404-05

Synopsis

ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates.

Background

From http://ipsec-tools.sourceforge.net/ :

"IPsec-Tools is a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation."

Affected packages

Description

racoon (a utility in the ipsec-tools package) does not verify digital signatures on Phase1 packets. This means that anybody holding the correct X.509 certificate would be able to establish a connection, even if they did not have the corresponding private key.

Impact

Since digital signatures are not verified by the racoon tool, an attacker may be able to connect to the VPN gateway and/or execute a man-in-the-middle attack.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

ipsec-tools users should upgrade to version 0.2.5 or later:

    # emerge sync

    # emerge -pv ">-net-firewall/ipsec-tools-0.2.5"
    # emerge ">-net-firewall/ipsec-tools-0.2.5"

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

http://security.gentoo.org

Severity: High
Title: KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
Date: April 06, 2004
Bugs: #38256
ID: 200404-02

Synopsis

KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.

Background

KDE-PIM is an application suite designed to manage mail, addresses, appointments, and contacts.

Affected packages

Description

A buffer overflow may occur in KDE-PIM's VCF file reader when a maliciously crafted VCF file is opened by a user on a vulnerable system.

Impact

A remote attacker may unauthorized access to a user's personal data or execute commands with the user's privileges.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

KDE users should upgrade to version 3.1.5 or later:

     # emerge sync

     # emerge -pv ">=kde-base/kde-3.1.5"
     # emerge ">=kde-base/kde-3.1.5"

References

[ 1 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

http://security.gentoo.org

Severity: Low
Title: Util-linux login may leak sensitive data
Date: April 07, 2004
Bugs: #46422
ID: 200404-06

Synopsis

The login program included in util-linux could leak sensitive information under certain conditions.

Background

Util-linux is a suite of essential system utilites, including login, agetty, fdisk.

Affected packages

Description

In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer.

NOTE: Only users who have PAM support disabled on their systems (i.e. -PAM in their USE variable) will be affected by this vulnerability. By default, this USE flag is enabled on all architectures. Users with PAM support on their system receive login binaries as part of the pam-login package, which remains unaffected.

Impact

A remote attacker may obtain sensitive data.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.=09

Resolution

All util-linux users should upgrade to version 2.12 or later:

    # emerge sync

    # emerge -pv ">-sys-apps/util-linux-2.12"
    # emerge ">-sys-apps/util-linux-2.12"

References

[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name-CAN-2004-0080

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

http://security.gentoo.org

Severity: High
Title: Tcpdump Vulnerabilities in ISAKMP Parsing
Date: March 31, 2004
Bugs: #38206, #46258
ID: 200404-03

Synopsis

There are multiple vulnerabilities in tcpdump and libpcap related to parsing of ISAKMP packets.

Background

Tcpdump is a program for monitoring IP network traffic. Libpcap is a supporting library which is responsibile for capturing packets off a network interface.

Affected packages

Description

There are two specific vulnerabilities in tcpdump, outlined in [ reference 1 ]. In the first scenario, an attacker may send a specially-crafted ISAKMP Delete packet which causes tcpdump to read past the end of its buffer. In the second scenario, an attacker may send an ISAKMP packet with the wrong payload length, again causing tcpdump to read past the end of a buffer.

Impact

Remote attackers could potentially cause tcpdump to crash or execute arbitrary code as the 'pcap' user.

Workaround

There is no known workaround at this time. All tcpdump users are encouraged to upgrade to the latest available version.

Resolution

All tcpdump users should upgrade to the latest available version. ADDITIONALLY, the net-libs/libpcap package should be upgraded.

    # emerge sync

    # emerge -pv ">=net-libs/libpcap-0.8.3-r1" 
">=net-analyzer/tcpdump-3.8.3-r1"

    # emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"

References

[ 1 ] http://www.rapid7.com/advisories/R7-0017.html
[ 2 ] http://rhn.redhat.com/errata/RHSA-2004-008.html
[ 3 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

http://security.gentoo.org

Severity: Normal
Title: ClamAV RAR Archive Remote Denial Of Service Vulnerability
Date: April 07, 2004
Bugs: #45357
ID: 200404-07

Synopsis

ClamAV is vulnerable to a denial of service attack when processing certain RAR archives.

Background

From http://www.clamav.net/ :

"Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date."

Affected packages

Description

Certain types of RAR archives, including those created by variants of the W32.Beagle.A@mm worm, may cause clamav to crash when it attempts to process them.

Impact

This vulnerability causes a Denial of Service in the clamav process. Depending on configuration, this may cause dependent services such as mail to fail as well.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

ClamAV users should upgrade to version 0.68.1 or later:

    # emerge sync

    # emerge -pv ">-net-mail/clamav-0.68.1"
    # emerge ">-net-mail/clamav-0.68.1"

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

http://security.gentoo.org

Severity: Normal
Title: Multiple vulnerabilities in sysstat
Date: April 06, 2004
Bugs: #45159
ID: 200404-04

Synopsis

Multiple vulnerabilities in the way sysstat handles symlinks may allow an attacker to execute arbitrary code or overwrite arbitrary files

Background

sysstat is a package containing a number of performance monitoring utilities for Linux, including sar, mpstat, iostat and sa tools

Affected packages

Description

There are two vulnerabilities in the way sysstat handles symlinks:

1. The isag utility, which displays sysstat data in a graphical format, creates a temporary file in an insecure manner.
2. Two scripts in the sysstat package, post and trigger, create temporary files in an insecure manner.

Impact

Both vulnerabilities may allow an attacker to overwrite arbitrary files under the permissions of the user executing any of the affected utilities.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

Systat users should upgrade to version 4.2 or later:

    # emerge sync

    # emerge -pv ">-app-admin/sysstat-5.0.2"
    # emerge ">-app-admin/sysstat-5.0.2"

References

[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name-CAN-2004-0107
[ 2 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name-CAN-2004-0108

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.