+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux Advisory Watch   |
|  September 8th, 2000                     Volume 1, Number 19a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave@linuxsecurity.com       ben@linuxsecurity.com


Linux Advisory Watch is a comprehensive newsletter that outlines
the security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for glibc, screen, apache, and
suidperl.  The advisories released were from Caldera, Conectiva, Debian,
Mandrake, Slackware, SuSE, and Trustix.  The glibc, screen, and suidperl
vulnerabilities can result in a local root compromise.

This week has been full of advisories from various Linux distributions
regarding two severe problems with glibc. Confusing the issue, more than
one vulnerability is involved and they were reported at different times.
That means that some of the updates only fixed the first reported
problem, while others fixed both problems.

-- OpenDoc Publishing -------------------------------------------------
//

Our sponsor this week is OpenDoc Publishing.  Their 480-page
comprehensive security book, Securing and Optimizing Linux, takes a
hands-on approach to installing, optimizing, configuring, and
securing Red Hat Linux. Topics include sendmail 8.10.1, OpenSSL,
ApacheSSL, OpenSSH and much more! Includes Red Hat 6.2 and Red Hat 6.2
PowerTools edition.

https://secure.linuxports.com/cart/security/


+---------------------------------+
|   Installing a new package:     | ----------------------------//
+---------------------------------+

   # rpm  -Uvh <package-name.rpm>
   # dpkg -i   <package-name.deb>

Packages can be installed easily by using rpm (Red Hat Package
Manager) or dpkg (Debian Package Manager).  Most advisories
issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body
of the advisory.

+---------------------------------+
|   Checking Package Integrity:   | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependant upon the contents of the file to which it is
applied.  It can be used to compare against a previously-generated
sum to determine whether the file has changed.  It is commonly used
to ensure the integrity of updated packages distributed by a vendor.

  # md5sum <package-name>
    ebf0d4a0d236453f63a797ea20f0758b   <package-name>

The string of numbers can then be compared against the MD5 checksum
published by the packager.  While it does not take into account the
possibility that the same person that may have modified a package
also may have modified the published checksum, it is especially
useful for establishing a great deal of assurance in the integrity
of a package before installing it.


+---------------------------------+
|        glibc Advisories         | ----------------------------//
+---------------------------------+


* September 5th, 2000 -- Caldera: 'glibc' vulnerability
http://www.linuxsecurity.com/advisories/caldera_advisory-688.html

     A bug in the parsing of these locale names allows an attacker to
     trick glibc into using locale information files provided by the
     attacker, which can make an application crash.

    
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
     9509340276c43bdcbeee2d95e82b9d03  RPMS/glibc-2.1.1-3.i386.rpm



* September 5th, 2000 -- Conectiva: glibc vulnerabilities
http://www.linuxsecurity.com/advisories/other_advisory-684.html
http://www.linuxsecurity.com/advisories/other_advisory-689.html

     Several problems have been found in the glibc code that allow
     a local attacker to obtain root privileges.

    
ftp://atualizacoes.conectiva.com.br/4.0/i386/glibc-2.1.2-14cl.i386.rpm


* September 4th, 2000 -- Debian: glibc vulnerabilities
http://www.linuxsecurity.com/advisories/debian_advisory-687.html
http://www.linuxsecurity.com/advisories/debian_advisory-683.html

     Recently two problems have been found in the glibc suite, which
     could be used to trick setuid applications to run arbitrary code.

     http://security.debian.org/dists/slink/updates/binary-i386/
     libc6-dbg_2.0.7.19981211-6.2_i386.deb

     MD5 checksum: 23f5aace9db7104163b2422d600d8869



* September 7th, 2000 -- Mandrake: 'glibc' vulnerabilities
http://www.linuxsecurity.com/advisories/mandrake_advisory-694.html

     It is highly probable that some of these bugs can be used
     for local root exploits.

     ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates



* September 5th, 2000 -- Slackware: glibc vulnerabilities
http://www.linuxsecurity.com/advisories/slackware_advisory-690.html


     Three locale-related vulnerabilities with glibc 2.1.3 were recently
     reported on BugTraq.  These vulnerabilities could allow local users
     to gain root access.

     Users of Slackware 7.0, 7.1, and -current are strongly urged to
     upgrade to the new glibc packages in the -current branch.

     ftp://ftp.slackware.com/pub/slackware/slackware-current/
     slakware/a1/glibcso.tgz
     md5sum: 1119944158 781102 a1/glibcso.tgz

     ftp://ftp.slackware.com/pub/slackware/slackware-current/
     slakware/d1/glibc.tgz
     md5sum: 4150671113 22146158 d1/glibc.tgz

     ftp://ftp.slackware.com/pub/slackware/slackware-current/
     slakware/des1/descrypt.tgz
     md5sum: 95989487 95843 des1/descrypt.tgz



* September 6th, 2000 -- SuSE: 'shlibs' vulnerability
http://www.linuxsecurity.com/advisories/suse_advisory-692.html

     The glibc implementations in all SuSE distributions starting with
     SuSE-6.0 have multiple security problems where at least one of them
     allows any local user to gain root access to the system.

     ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/
     shlibs-2.1.3-154.i386.rpm

     753176172ebf628c6567c70a9b950933


* September 7th, 2000 -- Trustix: 'glibc' updates.
http://www.linuxsecurity.com/advisories/other_advisory-695.html

     glibc-2.1.3-10tr.i586.rpm
     glibc-devel-2.1.3-10tr.i586.rpm
     glibc-profile-2.1.3-10tr.i586.rpm
     scd-2.1.3-10tr.i586.rpm
     ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/



+---------------------------------+
|     Other Linux Advisories      |--------------------------------- //
+---------------------------------+


* September 4th, 2000 -- Debian: 'screen' vulnerability
http://www.linuxsecurity.com/advisories/debian_advisory-686.html

     A format string bug was recently discovered in screen which can
     be used to gain elevated privilages if screen is setuid.

     http://security.debian.org/dists/stable/updates/main/binary-i386/
     screen_3.9.5-9_i386.deb

     MD5 checksum: 139c65e404139f6681a4e60b4ef708f1



* September 3rd, 2000 -- Slackware: 'suidperl' vulnerability.
http://www.linuxsecurity.com/advisories/slackware_advisory-685.html

     A root exploit was found in the /usr/bin/suidperl5.6.0 program that
     shipped with the Slackware 7.1 perl.tgz package. It is recommended
     that all users of Slackware 7.1 (and -current) upgrade to the
     perl.tgz package available in the Slackware current branch.

    
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/d1/
     1027099174 6464627 ./perl.tgz 0dfc1c46e3dd22033850fc69928588ec



* September 7th, 2000 -- SuSE: 'apache' vulnerabilities.
http://www.linuxsecurity.com/advisories/suse_advisory-696.html

     The configuration file that comes with the package contains
     two security relevant errors:

     Starting in SuSE-6.0, a section in apache's configuration file
     /etc/httpd/httpd.conf reads Alias /cgi-bin-sdb//usr/local/httpd/
     cgi-bin/ This allows remote users to read the cgi script sources
     of the server, located in /usr/local/httpd/cgi-bin/.

     Opposing the recommendations on the WebDAV homepage under
     http://www.webdav.org /mod_dav/#security, there is no access
control
     or authentification activated. This should most definitely be
     considered a security problem.


    
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/apache-1.3.12-107.i386.rpm
     65bac933de7676ad3d8f63b32c608dad



* September 6th, 2000 -- SuSE: 'screen' vulnerability
http://www.linuxsecurity.com/advisories/suse_advisory-693.html

     screen, a tty multiplexer, is installed suid root by default on
SuSE
     Linux distributions. By supplying a thoughtfully designed string as
     the visual bell message, local users can obtain root privilege.
     Exploit information has been published on security forums.


    
ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/screen-3.9.8-1.i386.rpm
     84b6330f0b9ac7600cc5ec53a9dfdbe9
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------