Red Hat has released updated httpd packages
Red Hat has released updated lftp packages for Red Hat Linux
Updated gnupg packages are now available for Red Hat Linux
Updated rsync packages for Red Hat Linux has been released
Thanks Spunz for this one:
rsync 2.5.6 security advisory
December 4th 2003
Background
The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While the forensic evidence we have is incomplete, we have pieced together the most likely way that this attack was conducted and we are releasing this advisory as a result of our investigations to date.
Our conclusions are that:
rsync version 2.5.6 and earlier contains a heap overflow vulnerability that can be used to remotely run arbitrary code. While this heap overflow vulnerability could not be used by itself to obtain root access on a rsync server, it could be used in combination with the recently announced brk vulnerability in the Linux kernel to produce a full remote compromise. The server that was compromised was using a non-default rsyncd.conf option "use chroot = no". The use of this option made the attack on the compromised server considerably easier. A successful attack is almost certainly still possible without this option, but it would be much more difficult.
Read more
rsync 2.5.6 security advisory
December 4th 2003
Background
The rsync team has received evidence that a vulnerability in rsync was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server. While the forensic evidence we have is incomplete, we have pieced together the most likely way that this attack was conducted and we are releasing this advisory as a result of our investigations to date.
Our conclusions are that:
rsync version 2.5.6 and earlier contains a heap overflow vulnerability that can be used to remotely run arbitrary code. While this heap overflow vulnerability could not be used by itself to obtain root access on a rsync server, it could be used in combination with the recently announced brk vulnerability in the Linux kernel to produce a full remote compromise. The server that was compromised was using a non-default rsyncd.conf option "use chroot = no". The use of this option made the attack on the compromised server considerably easier. A successful attack is almost certainly still possible without this option, but it would be much more difficult.
Read more
Red Hat has released updated Net-SNMP packages for Red Hat Linux
Thanks Spunz. The rsync.gentoo.org rotation server has been compromised.
Here the full announcement:
-------------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-01
-------------------------------------------------------------------------------
Summary : rsync.gentoo.org rotation server compromised
Date : 2003-12-02
Exploit : remote
CVE : - None -
Priority : Normal
-------------------------------------------------------------------------------
SUMMARY:
========
On December 2nd at approximately 03:45 UTC, one of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit. At this point, we are still performing forensic analysis. However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected. The attacker appears to have installed a rootkit and modified/deleted some files to cover their tracks, but left the server otherwise untouched.
Here the full announcement:
-------------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200312-01
-------------------------------------------------------------------------------
Summary : rsync.gentoo.org rotation server compromised
Date : 2003-12-02
Exploit : remote
CVE : - None -
Priority : Normal
-------------------------------------------------------------------------------
SUMMARY:
========
On December 2nd at approximately 03:45 UTC, one of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit. At this point, we are still performing forensic analysis. However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected. The attacker appears to have installed a rootkit and modified/deleted some files to cover their tracks, but left the server otherwise untouched.
Ensim has released updated PostgreSQL packages for Ensim 3.5.20
Red Hat has released an updated 2.4 kernel for Red Hat Linux
NewsForge has posted a news story on the new Kernel exploit
Thanks Greg for this one:
Package : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18
Vulnerability : userland can access full kernel memory
Problem type : local
Debian-specific: no
CVE Id(s) : CAN-2003-0961
Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space. This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release.
This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and 2.6.0-test6 kernel tree. For Debian it has been fixed in version 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the alpha kernel images.
Read more
Package : kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18
Vulnerability : userland can access full kernel memory
Problem type : local
Debian-specific: no
CVE Id(s) : CAN-2003-0961
Recently multiple servers of the Debian project were compromised using a Debian developers account and an unknown root exploit. Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space. This problem was found in September by Andrew Morton, but unfortunately that was too late for the 2.4.22 kernel release.
This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and 2.6.0-test6 kernel tree. For Debian it has been fixed in version 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386 kernel images and version 2.4.18-11 of the alpha kernel images.
Read more
Red Hat has released updated Pan packages for Red Hat Linux
Red Hat has released updated iproute packages for Red Hat Linux
Updated PostgreSQL packages that correct a buffer overflow in the to_ascii routines are now available for Red Hat Linux.
Read more
Read more
Updated zebra packages that close a locally-exploitable and a remotely-exploitable denial of service vulnerability are now available.
Read more
Read more
Ensim Security Release
Title: Updated glibc packages provide security and bug fixes
Date: November 20, 2003
References: http://rhn.redhat.com/errata/RHSA-2003-325.html
Affected Products: WEBppliance Pro and Basic for Linux 3.5.20 (LS and LH)
-------------------------------------------------------------------------------
Ensim has released a number of RPMs to address some serious security issues and bug fixes with the glibc packages. Further details of the Security Vulerabilities are available at: http://rhn.redhat.com/errata/RHSA-2003-325.html
To address the above-mentioned security concerns, you can immediately download and install the security fix from the Ensim Errata Section at: http://www.ensim.com/support/errata.html
Regular maintenance releases for WEBppliance Pro and Basic for Linux are available at:
http://www.ensim.com/support/wpls/index.html
http://www.ensim.com/support/wpls_basic/index.html
Title: Updated glibc packages provide security and bug fixes
Date: November 20, 2003
References: http://rhn.redhat.com/errata/RHSA-2003-325.html
Affected Products: WEBppliance Pro and Basic for Linux 3.5.20 (LS and LH)
-------------------------------------------------------------------------------
Ensim has released a number of RPMs to address some serious security issues and bug fixes with the glibc packages. Further details of the Security Vulerabilities are available at: http://rhn.redhat.com/errata/RHSA-2003-325.html
To address the above-mentioned security concerns, you can immediately download and install the security fix from the Ensim Errata Section at: http://www.ensim.com/support/errata.html
Regular maintenance releases for WEBppliance Pro and Basic for Linux are available at:
http://www.ensim.com/support/wpls/index.html
http://www.ensim.com/support/wpls_basic/index.html
Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM.
Updated EPIC packages which fix an exploitable buffer overflow vulnerabilityare now available.
