Gentoo Linux Security Advisory GLSA 200404-05
Severity: High
Title: ipsec-tools contains an X.509 certificate vulnerability
Date: April 07, 2004
Bugs: #47013
ID: 200404-05
Synopsis
ipsec-tools contains a vulnerability that affects connections
authenticated with X.509 certificates.
Background
From http://ipsec-tools.sourceforge.net/:
“IPsec-Tools is a port of KAME’s IPsec utilities to the
Linux-2.6 IPsec implementation.”
Affected packages
Package                  | Vulnerable | Unaffected |
net-firewall/ipsec-tools | <= 0.2.4   | >= 0.2.5   |
Description
racoon (the IKE daemon in the ipsec-tools package) does not verify
digital signatures on Phase 1 packets. Because an X.509 certificate is
public data, anybody holding a copy of a certificate the gateway trusts
could establish a connection without possessing the corresponding
private key.
Impact
Since racoon does not verify digital signatures, an attacker may be
able to connect to the VPN gateway and/or execute a man-in-the-middle
attack.
Workaround
A workaround is not currently known for this issue. All users
are advised to upgrade to the latest version of the affected
package.
Resolution
ipsec-tools users should upgrade to version 0.2.5 or later:
# emerge sync
# emerge -pv ">=net-firewall/ipsec-tools-0.2.5"
# emerge ">=net-firewall/ipsec-tools-0.2.5"
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
Gentoo Linux Security Advisory GLSA 200404-02
Severity: High
Title: KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
Date: April 06, 2004
Bugs: #38256
ID: 200404-02
Synopsis
KDE-PIM may be vulnerable to a remote buffer overflow attack
that may allow unauthorized access to an affected system.
Background
KDE-PIM is an application suite designed to manage mail,
addresses, appointments, and contacts.
Affected packages
Package      | Vulnerable | Unaffected |
kde-base/kde | <= 3.1.4   | >= 3.1.5   |
Description
A buffer overflow may occur in KDE-PIM’s VCF file reader when a
maliciously crafted VCF file is opened by a user on a vulnerable
system.
Impact
A remote attacker may gain unauthorized access to a user's personal
data or execute commands with the user's privileges.
Workaround
A workaround is not currently known for this issue. All users
are advised to upgrade to the latest version of the affected
package.
Resolution
KDE users should upgrade to version 3.1.5 or later:
# emerge sync
# emerge -pv ">=kde-base/kde-3.1.5"
# emerge ">=kde-base/kde-3.1.5"
References
[ 1 ] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988
Gentoo Linux Security Advisory GLSA 200404-06
Severity: Low
Title: Util-linux login may leak sensitive data
Date: April 07, 2004
Bugs: #46422
ID: 200404-06
Synopsis
The login program included in util-linux could leak sensitive
information under certain conditions.
Background
Util-linux is a suite of essential system utilities, including
login, agetty and fdisk.
Affected packages
Package             | Vulnerable | Unaffected |
sys-apps/util-linux | <= 2.11    | >= 2.12    |
Description
In some situations the login program could leak sensitive data
due to incorrect usage of a reallocated pointer.
NOTE: Only users who have PAM support disabled on their systems
(i.e. -PAM in their USE variable) will be affected by this
vulnerability. By default, this USE flag is enabled on all
architectures. Users with PAM support on their system receive login
binaries as part of the pam-login package, which remains
unaffected.
Impact
A remote attacker may obtain sensitive data.
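The advisory does not say which pointer login mishandles, so the following C program is an added illustration of the bug class it names, not util-linux code. A growable buffer is reallocated as fields are appended; the unsafe pattern of keeping a raw pointer into the buffer across an append is shown in a comment (it is undefined behaviour, and a stale pointer into a freed-and-reused block is exactly how such a bug leaks data), while the compiled code keeps an offset and re-derives the pointer after the last growth. The record format and field names are invented for the example.

```c
#include <stdlib.h>
#include <string.h>

/* A growable string buffer: 'data' may move on every growth step. */
struct strbuf { char *data; size_t len, cap; };

static int strbuf_reserve(struct strbuf *b, size_t extra)
{
    if (b->len + extra + 1 <= b->cap)
        return 0;
    size_t ncap = b->cap ? b->cap : 16;
    while (ncap < b->len + extra + 1)
        ncap *= 2;
    char *n = realloc(b->data, ncap);   /* the old block may be freed here */
    if (n == NULL)
        return -1;
    b->data = n;
    b->cap = ncap;
    return 0;
}

int strbuf_append(struct strbuf *b, const char *s)
{
    size_t n = strlen(s);
    if (strbuf_reserve(b, n) < 0)
        return -1;
    memcpy(b->data + b->len, s, n + 1);
    b->len += n;
    return 0;
}

/* The bug class, shown but deliberately not compiled (undefined behaviour):
 *
 *   char *user = b->data + b->len;     // raw pointer into the buffer
 *   strbuf_append(b, name);            // may realloc and move b->data
 *   strbuf_append(b, " tty=");
 *   syslog(LOG_INFO, "%s", user);      // reads through the OLD block
 *
 * Once realloc has moved the buffer the old block is free; the allocator
 * can hand it to the next malloc, so 'user' now reads whatever lives there.
 * That is how incorrect use of a reallocated pointer becomes an information
 * leak rather than just a crash. The safe version below keeps an offset
 * across growth and re-derives the pointer only when growth is finished. */

/* Builds "user=<name> tty=<tty>" (record format invented for the example)
 * and copies the user field back out via the saved offset.
 * Returns the heap record (caller frees) or NULL on failure. */
char *build_login_record(const char *name, const char *tty,
                         char *user_out, size_t cap)
{
    struct strbuf b = { NULL, 0, 0 };
    if (strbuf_append(&b, "user=") < 0) goto fail;
    size_t user_off = b.len;                 /* an offset survives any move */
    size_t user_len = strlen(name);
    if (strbuf_append(&b, name) < 0 || strbuf_append(&b, " tty=") < 0 ||
        strbuf_append(&b, tty) < 0) goto fail;
    if (user_len + 1 > cap) goto fail;
    memcpy(user_out, b.data + user_off, user_len);   /* pointer re-derived */
    user_out[user_len] = '\0';
    return b.data;
fail:
    free(b.data);
    return NULL;
}

/* Self-check with constructed input that crosses the initial 16-byte
 * capacity, so realloc is exercised. Returns 1 on success. */
int demo_login_record(void)
{
    char user[32];
    char *rec = build_login_record("alice", "tty1", user, sizeof user);
    int ok = rec != NULL && strcmp(rec, "user=alice tty=tty1") == 0 &&
             strcmp(user, "alice") == 0;
    free(rec);
    return ok;
}
```

The rule the example encodes: after any call that can grow a buffer, every pointer into that buffer is dead; store offsets, or recompute from `data` afterwards.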
Workaround
A workaround is not currently known for this issue. All users
are advised to upgrade to the latest version of the affected
package.
Resolution
All util-linux users should upgrade to version 2.12 or
later:
# emerge sync
# emerge -pv ">=sys-apps/util-linux-2.12"
# emerge ">=sys-apps/util-linux-2.12"
References
[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0080
Gentoo Linux Security Advisory GLSA 200404-03
Severity: High
Title: Tcpdump Vulnerabilities in ISAKMP Parsing
Date: March 31, 2004
Bugs: #38206, #46258
ID: 200404-03
Synopsis
There are multiple vulnerabilities in tcpdump and libpcap
related to parsing of ISAKMP packets.
Background
Tcpdump is a program for monitoring IP network traffic. Libpcap
is a supporting library which is responsible for capturing packets
off a network interface.
Affected packages
net-libs/libpcap
Package | Vulnerable | Unaffected |
net-analyzer/tcpdump | <= 3.8.1 | >= 3.8.3-r1 |
<= 0.8.1-r1 | >= 0.8.3-r1 |
Description
There are two specific vulnerabilities in tcpdump, outlined in
reference [1]. In the first, an attacker may send a specially
crafted ISAKMP Delete packet which causes tcpdump to read past the
end of its buffer. In the second, an attacker may send an ISAKMP
packet whose payload length field does not match the actual payload,
again causing tcpdump to read past the end of a buffer.
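Both over-reads come from trusting length fields inside the packet. The following C program is an added example, not tcpdump's decoder, of how a safe ISAKMP walker bounds every such field: the header's Length is capped at the bytes actually captured, each generic payload header's Payload Length is checked against what remains, and for a Delete payload the SPI count times SPI size is checked against the payload's own length before any SPI is read. Field offsets follow RFC 2408 (28-byte header, 4-byte generic payload header, Delete body of DOI, protocol, SPI size, SPI count); the test messages are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Wire layout per RFC 2408. */
#define ISAKMP_HDR_LEN   28
#define PAYLOAD_HDR_LEN   4
#define PAYLOAD_NONE      0
#define PAYLOAD_DELETE   12
#define DELETE_FIXED_LEN  8   /* DOI(4) protocol(1) spi_size(1) num_spis(2) */

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

/* Check a Delete payload body ('len' bytes after the generic header).
 * Returns the SPI count, or -1 if num_spis * spi_size would run past
 * 'len' (the first over-read class in the advisory). */
static int check_delete(const uint8_t *body, size_t len)
{
    if (len < DELETE_FIXED_LEN)
        return -1;
    size_t spi_size = body[5];
    size_t num_spis = get16(body + 6);
    if (spi_size == 0 || num_spis > (len - DELETE_FIXED_LEN) / spi_size)
        return -1;
    return (int)num_spis;
}

/* Walk the payload chain of one captured ISAKMP message. Returns the
 * number of payloads, or -1 as soon as any length field would take the
 * decoder outside the 'pktlen' bytes actually captured. */
int parse_isakmp(const uint8_t *pkt, size_t pktlen)
{
    if (pktlen < ISAKMP_HDR_LEN)
        return -1;
    uint32_t total = get32(pkt + 24);           /* header Length field */
    if (total < ISAKMP_HDR_LEN || total > pktlen)
        return -1;                              /* never trust it past pktlen */
    uint8_t next = pkt[16];                     /* header Next Payload */
    size_t off = ISAKMP_HDR_LEN;
    int count = 0;
    while (next != PAYLOAD_NONE) {
        if (total - off < PAYLOAD_HDR_LEN)      /* generic header must fit */
            return -1;
        uint16_t plen = get16(pkt + off + 2);   /* Payload Length incl. header */
        if (plen < PAYLOAD_HDR_LEN || plen > total - off)
            return -1;                          /* second over-read class */
        if (next == PAYLOAD_DELETE &&
            check_delete(pkt + off + PAYLOAD_HDR_LEN, plen - PAYLOAD_HDR_LEN) < 0)
            return -1;
        next = pkt[off];
        off += plen;
        count++;
    }
    return count;
}

/* Constructed message: header + one Delete payload that carries
 * 'real_spis' four-byte SPIs but advertises 'claimed_spis'. */
static size_t build_delete_msg(uint8_t *out, size_t cap,
                               uint16_t real_spis, uint16_t claimed_spis)
{
    size_t plen  = PAYLOAD_HDR_LEN + DELETE_FIXED_LEN + 4u * real_spis;
    size_t total = ISAKMP_HDR_LEN + plen;
    if (total > cap)
        return 0;
    memset(out, 0, total);                      /* cookies, message ID: zero */
    out[16] = PAYLOAD_DELETE;                   /* Next Payload */
    out[17] = 0x10;                             /* version 1.0 */
    out[18] = 5;                                /* Informational exchange */
    out[24] = (uint8_t)(total >> 24); out[25] = (uint8_t)(total >> 16);
    out[26] = (uint8_t)(total >> 8);  out[27] = (uint8_t)total;
    uint8_t *p = out + ISAKMP_HDR_LEN;
    p[0] = PAYLOAD_NONE;                        /* last payload in chain */
    p[2] = (uint8_t)(plen >> 8); p[3] = (uint8_t)plen;
    p[7] = 1;                                   /* DOI: IPsec */
    p[8] = 3;                                   /* protocol: ESP */
    p[9] = 4;                                   /* SPI size */
    p[10] = (uint8_t)(claimed_spis >> 8); p[11] = (uint8_t)claimed_spis;
    memset(p + 12, 0xAA, 4u * real_spis);       /* dummy SPI values */
    return total;
}

/* Scenarios: well-formed; Delete claiming more SPIs than it carries;
 * Payload Length larger than the packet. */
int scenario_well_formed(void)
{
    uint8_t buf[128];
    return parse_isakmp(buf, build_delete_msg(buf, sizeof buf, 2, 2));
}
int scenario_forged_spi_count(void)
{
    uint8_t buf[128];
    return parse_isakmp(buf, build_delete_msg(buf, sizeof buf, 2, 200));
}
int scenario_bad_payload_length(void)
{
    uint8_t buf[128];
    size_t n = build_delete_msg(buf, sizeof buf, 2, 2);
    buf[ISAKMP_HDR_LEN + 2] = 0x01;             /* Payload Length = 256 */
    buf[ISAKMP_HDR_LEN + 3] = 0x00;
    return parse_isakmp(buf, n);
}
```

The well-formed message parses as one payload; the other two are rejected before any byte beyond the captured data is touched. Note that `pktlen` (what libpcap handed over) rather than the header's Length is the authority on where the buffer ends.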
Impact
Remote attackers could potentially cause tcpdump to crash or
execute arbitrary code as the ‘pcap’ user.
Workaround
There is no known workaround at this time. All tcpdump users are
encouraged to upgrade to the latest available version.
Resolution
All tcpdump users should upgrade to the latest available
version. ADDITIONALLY, the net-libs/libpcap package should be
upgraded.
# emerge sync
# emerge -pv ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
# emerge ">=net-libs/libpcap-0.8.3-r1" ">=net-analyzer/tcpdump-3.8.3-r1"
References
[ 1 ] http://www.rapid7.com/advisories/R7-0017.html
[ 2 ] http://rhn.redhat.com/errata/RHSA-2004-008.html
[ 3 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0989
Gentoo Linux Security Advisory GLSA 200404-07
Severity: Normal
Title: ClamAV RAR Archive Remote Denial Of Service Vulnerability
Date: April 07, 2004
Bugs: #45357
ID: 200404-07
Synopsis
ClamAV is vulnerable to a denial of service attack when
processing certain RAR archives.
Background
From http://www.clamav.net/:
“Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main
purpose of this software is the integration with mail servers
(attachment scanning). The package provides a flexible and scalable
multi-threaded daemon, a command line scanner, and a tool for
automatic updating via Internet. The programs are based on a shared
library distributed with the Clam AntiVirus package, which you can
use with your own software. Most importantly, the virus database is
kept up to date.”
Affected packages
Package         | Vulnerable | Unaffected |
net-mail/clamav | <= 0.68    | >= 0.68.1  |
Description
Certain types of RAR archives, including those created by
variants of the W32.Beagle.A@mm worm, may cause clamav to crash
when it attempts to process them.
Impact
This vulnerability causes a Denial of Service in the clamav
process. Depending on configuration, this may cause dependent
services such as mail to fail as well.
Workaround
A workaround is not currently known for this issue. All users
are advised to upgrade to the latest version of the affected
package.
Resolution
ClamAV users should upgrade to version 0.68.1 or later:
# emerge sync
# emerge -pv ">=net-mail/clamav-0.68.1"
# emerge ">=net-mail/clamav-0.68.1"
Gentoo Linux Security Advisory GLSA 200404-04
Severity: Normal
Title: Multiple vulnerabilities in sysstat
Date: April 06, 2004
Bugs: #45159
ID: 200404-04
Synopsis
Multiple vulnerabilities in the way sysstat handles symlinks may
allow an attacker to execute arbitrary code or overwrite arbitrary
files.
Background
sysstat is a package containing a number of performance
monitoring utilities for Linux, including sar, mpstat, iostat and
the sa tools.
Affected packages
Package           | Vulnerable | Unaffected |
app-admin/sysstat | < 5.0.2    | >= 5.0.2   |
Description
There are two vulnerabilities in the way sysstat handles
symlinks:
- The isag utility, which displays sysstat data in a graphical
  format, creates a temporary file in an insecure manner.
- Two scripts in the sysstat package, post and trigger, create
  temporary files in an insecure manner.
Impact
Both vulnerabilities may allow a local attacker to overwrite
arbitrary files with the permissions of the user executing any of
the affected utilities.
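What "creates a temporary file in an insecure manner" means in practice, as an added C example that is not sysstat's code: a predictable name under a shared directory opened with O_CREAT but without O_EXCL follows a symlink an attacker has planted there, so the victim's write lands on whatever the link points to. The program stages that race in a private scratch directory (running as one user, where the real attack relies on the victim running with more privilege than the attacker) and contrasts it with O_EXCL and with mkstemp(). The file names are invented for the example; the POSIX guarantee relied on is that O_CREAT|O_EXCL fails with EEXIST on an existing path, including a symlink, without following it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Insecure pattern: predictable name, O_CREAT without O_EXCL. If a symlink
 * already sits at 'path', open() follows it and the caller truncates the
 * link target. */
int open_tempfile_insecure(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: O_CREAT|O_EXCL fails with EEXIST if anything already
 * exists at 'path', and POSIX requires that a symlink there is not
 * followed, so a pre-planted link cannot redirect the write. */
int open_tempfile_hardened(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() combines O_EXCL with an unpredictable name and
 * returns the open descriptor; 'out' receives the chosen path. */
int open_tempfile_mkstemp(const char *dir, char *out, size_t cap)
{
    if (snprintf(out, cap, "%s/isag.XXXXXX", dir) >= (int)cap)
        return -1;
    return mkstemp(out);
}

/* Stage the race in a private scratch directory. Returns 1 if the insecure
 * open clobbered the victim file while both hardened variants behaved,
 * 0 if not, -1 on setup failure. */
int demo_symlink_attack(void)
{
    char dir[] = "/tmp/sysstat-demo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char victim[128], link[128], tmp[128];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/isag.tmp", dir);   /* predictable name */

    /* a file the attacker wants destroyed, with content in it */
    int fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6)
        return -1;
    close(fd);
    /* attacker wins the race and plants a symlink at the predictable name */
    if (symlink(victim, link) != 0)
        return -1;

    struct stat st;
    int fd_ins = open_tempfile_insecure(link);
    int clobbered = fd_ins >= 0 && stat(victim, &st) == 0 && st.st_size == 0;
    if (fd_ins >= 0) close(fd_ins);

    int fd_hard = open_tempfile_hardened(link);
    int refused = fd_hard < 0 && errno == EEXIST;
    if (fd_hard >= 0) close(fd_hard);

    int fd_mk = open_tempfile_mkstemp(dir, tmp, sizeof tmp);
    int random_ok = fd_mk >= 0 && strcmp(tmp, link) != 0;
    if (fd_mk >= 0) { close(fd_mk); unlink(tmp); }

    unlink(link); unlink(victim); rmdir(dir);
    return (clobbered && refused && random_ok) ? 1 : 0;
}
```

For shell scripts such as the post and trigger scripts named above, the equivalent fix is `mktemp` (which uses the same O_EXCL creation with a random suffix) rather than composing a name from `$$` or a fixed string under /tmp.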
Workaround
A workaround is not currently known for this issue. All users
are advised to upgrade to the latest version of the affected
package.
Resolution
sysstat users should upgrade to version 5.0.2 or later:
# emerge sync
# emerge -pv ">=app-admin/sysstat-5.0.2"
# emerge ">=app-admin/sysstat-5.0.2"
References
[ 1 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0107
[ 2 ] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0108