Rafael Rodrigues Obelheiro
1999-Dec-01 01:39 UTC
Security Patches for Slackware 7.0 Available (fwd)
---------- Forwarded message ----------
Date: Tue, 30 Nov 1999 12:14:09 -0800 (PST)
From: David Cantrell <david@slackware.com>
To: slackware-security@slackware.com
Subject: Security Patches for Slackware 7.0 Available

There are several security updates available for Slackware 7.0. We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:

    ftp.cdrom.com:/pub/linux/slackware-7.0/patches

The ChangeLog.txt file in that directory will show what has been patched and why. Here is a short overview of the current patches available:

======================
BIND-8.2.2-P5 available
======================

CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND:
http://www.cert.org/advisories/CA-99-14-bind.html

Six vulnerabilities have been found in BIND, the popular domain name server from the Internet Software Consortium (ISC). One of these vulnerabilities may allow remote intruders to gain privileged access to name servers.

It is recommended that all systems running the BIND package that shipped with Slackware 7.0 upgrade to this one. Here is the ChangeLog description:

bind.tgz    Upgraded to bind-8.2.2-P5. This fixes a vulnerability in the processing of NXT records that can be used in a DoS attack or (theoretically) be exploited to gain access to the server. It is suggested that everyone running bind upgrade to this package as soon as possible.

=============================
nfs-server-2.2beta47 available
=============================

It is recommended that all Slackware 7.0 systems using NFS upgrade to nfs-server 2.2beta47 to patch a possible exploit. Here is the ChangeLog description:

nfs-server.tgz    Upgraded to nfs-server-2.2beta47, to fix a security problem with the version that shipped with Slackware 7.0 (nfs-server-2.2beta46). By using a long pathname on a directory NFS mounted read-write, it may be possible for an attacker to execute arbitrary code on the server.
It is recommended that everyone running an NFS server upgrade to this package immediately.

These packages are designed to be installed on top of an existing Slackware 7.0 installation. In the case where a package already exists (such as bind.tgz), it is advisable to use upgradepkg. For other fixes (such as the nfs-server.tgz one), you can just use installpkg to install the fix.

NOTE: For packages that replace daemons on the system (such as bind), you need to make sure that you stop the daemon before installing the package. Otherwise the file may not be updated properly because it is in use. You can either stop the daemon manually or go into single user mode and then go back to multiuser mode. Example:

    # telinit 1          Go into single user mode
    # upgradepkg bind    Perform the upgrade
    # telinit 3          Go back to multiuser mode

Remember to back up configuration files before performing upgrades.

- The Slackware Linux Project
  http://www.slackware.com

Date: Tue, 30 Nov 1999 23:40:44 -0200 (EDT)
From: Rafael Rodrigues Obelheiro <obelix@lcmi.ufsc.br>
To: linux-security@redhat.com, BUGTRAQ@securityfocus.com
Subject: Security Fixes for Slackware 4.0 Available (fwd)

---------- Forwarded message ----------
Date: Tue, 30 Nov 1999 12:13:36 -0800 (PST)
From: David Cantrell <david@slackware.com>
To: slackware-security@slackware.com
Subject: Security Fixes for Slackware 4.0 Available

There are several security updates available for Slackware 4.0. These patches should work on any libc5 Slackware system, but we have not tested them on each of the previous releases.

We will always post bug fixes and security fixes to the /patches subdirectory on the ftp site:

    ftp.cdrom.com:/pub/linux/slackware-4.0/patches

The ChangeLog.txt file in that directory will show what has been patched and why.
Here is a short overview of the current patches available:

======================
BIND-8.2.2-P5 available
======================

CERT Advisory CA-99-14 Multiple Vulnerabilities in BIND:
http://www.cert.org/advisories/CA-99-14-bind.html

Six vulnerabilities have been found in BIND, the popular domain name server from the Internet Software Consortium (ISC). One of these vulnerabilities may allow remote intruders to gain privileged access to name servers.

It is recommended that all systems running the BIND package that shipped with Slackware 7.0 upgrade to this one. Here is the ChangeLog description:

bind.tgz    Upgraded to bind-8.2.2-P5. This fixes a vulnerability in the processing of NXT records that can be used in a DoS attack or (theoretically) be exploited to gain access to the server. It is suggested that everyone running bind upgrade to this package as soon as possible.

=============================
nfs-server-2.2beta47 available
=============================

It is recommended that all Slackware 4.0 systems using NFS upgrade to nfs-server 2.2beta47 to patch a possible exploit. Here is the ChangeLog description:

nfs-server.tgz    Upgraded to nfs-server-2.2beta47, to fix a security problem found in nfs-server-2.2beta46 and earlier. By using a long pathname on a directory NFS mounted read-write, it may be possible for an attacker to execute arbitrary code on the server. It is recommended that everyone running an NFS server upgrade to this package immediately.

These packages are designed to be installed on top of an existing Slackware 4.0 installation. In the case where a package already exists (such as bind.tgz), it is advisable to use upgradepkg. For other fixes (such as the nfs-server.tgz one), you can just use installpkg to install the fix.

NOTE: For packages that replace daemons on the system (such as bind), you need to make sure that you stop the daemon before installing the package. Otherwise the file may not be updated properly because it is in use.
You can either stop the daemon manually or go into single user mode and then go back to multiuser mode. Example:

    # telinit 1          Go into single user mode
    # upgradepkg bind    Perform the upgrade
    # telinit 3          Go back to multiuser mode

Remember to back up configuration files before performing upgrades.

- The Slackware Linux Project
  http://www.slackware.com

From: Glynn Clements <glynn@sensei.co.uk>
Date: Wed, 1 Dec 1999 02:09:25 +0100 (GMT--1:00)
To: hgtaesml@umail.furryterror.org (Zygo Blaxell)
Cc: <linux-security@redhat.com>
Subject: [linux-security] Re: Programming ...

Zygo Blaxell wrote:

> Deleting files in /tmp (or a user's home directory, for that matter)
> is not a trivial operation from a security point of view. You can't
> safely use "find" and "xargs"--or even "rm -rf"--unless you can guarantee
> that no users have write access to the directory tree in question
> (e.g. because the system is in single-user mode).

One of the linux-admin subscribers had a neat alternative for /tmp cleaning, which I couldn't see any problems with. This involved creating a statically-linked "rm" binary, and then doing e.g.

    cp ~/static-rm ~/rm    # installing the "rm" binary needs to be
    mv -f ~/rm /tmp/rm     # safe against symlink games
    cd /tmp
    chroot /tmp /rm -rf .
--
Glynn Clements <glynn@sensei.co.uk>

Date: Wed, 1 Dec 1999 10:29:30 -0500 (EST)
From: Trevor Johnson <trevor@jpj.net>
To: Antonomasia <ant@notatla.demon.co.uk>
cc: linux-security@redhat.com
Subject: [linux-security] Re: Programming ....

Under "Security recommendations" at http://www.openbsd.org/porting.html are some tips that might apply.

__
Trevor Johnson

Date: Fri, 3 Dec 1999 16:57:56 +0100 (EET)
From: Bartosz Lis <bartek@krokus.com.pl>
To: linux-security@redhat.com
Subject: [linux-security] Re: Programming ...

Hi,

While looking for holes in the utility script that Glynn Clements sent, I have realized that using "~/" may be dangerous. The original script:

On Wed, 1 Dec 1999, Glynn Clements wrote:
[---cut---]
> cp ~/static-rm ~/rm # installing the "rm" binary needs to be
> mv -f ~/rm /tmp/rm # safe against symlink games
> cd /tmp
> chroot /tmp /rm -rf .
[---cut---]

is very unlikely to be compromised. But if you'd like to write your own scripts using the above idea, you'd better change "~/" to absolute paths (i.e. /root/).

Rogier Wolff <R.E.Wolff@BitWizard.nl>, with whom I have discussed security issues of that script, stressed that the script was intended to be run in multiuser mode. It will work well until the HOME variable evaluates to /root, thus it will fail in single user mode.

Detailed explanation

"~/" is replaced by bash with the value of "$HOME". This variable for root usually evaluates to "/root", but in single user mode it evaluates to "/". If trusted or static binaries are put for example in /root/bin and the binaries are referenced in scripts as ~/bin/something, bash will look for binaries in /bin (that is /bin/something) when in single user mode. Binaries from /bin are dynamically linked and if run chrooted to /tmp, the library loader will look for /tmp/etc/ld.so.conf and /tmp/lib/lib*.so. If you are attacked by an intruder who knows what you have in your scripts, he may put his Trojan horses in those locations.

"~root/" or "~user/" seem to be safer. Bash takes the user's home directory from /etc/passwd. When run in a script executed by bash which was chrooted to /tmp, the /tmp/etc/passwd is consulted.

Conclusions

1. Don't use "~/" in security related scripts or at least set the HOME variable.
2. Reconsider using "~user/" syntax in scripts that are run chrooted.

Greetings,
--
Bartosz Lis
Krokus sp. z o.o.
snail-mail: Sterlinga 26, 90-213 Lodz, Poland
e-mail: B.Lis@krokus.com.pl
phone: [POLAND](42) 63 00110
www: http://www.krokus.com.pl
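
The HOME dependence described in Bartosz Lis's message above, as an added shell example that is not part of any message in the thread. The helper names tilde_target, is_pinned_path and find_home_tilde are hypothetical, and the sample script and the path bin/static-rm are constructed inputs.

```shell
#!/bin/sh
# Added illustration (not from the thread). Paths such as bin/static-rm
# are constructed sample values.

# Print what "~/<rel>" becomes in a child shell whose HOME is $1.
# With HOME=/ some shells print "//bin/..."; repeated slashes are collapsed
# because both spellings name the same file.
tilde_target() {
    HOME="$1" sh -c 'printf "%s\n" ~/"$1"' sh "$2" | sed 's#//*#/#g'
}

# Conclusion 1 as a check: accept only absolute paths with no ".." component,
# so the result never depends on HOME or on the current directory.
is_pinned_path() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1/" in
        */../*) return 1 ;;
    esac
    return 0
}

# Read a script on stdin and print "lineno:text" for every non-comment line
# that relies on HOME through a "~/" word.
find_home_tilde() {
    grep -n -E '(^|[[:space:]=:])~/' | grep -v -E '^[0-9]+:[[:space:]]*#'
}

# Constructed input: the first two commands of the script quoted in the thread.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# stage the static rm (kept in ~/ by the admin)
cp ~/static-rm ~/rm
mv -f ~/rm /tmp/rm
EOF
}

echo "HOME=/root -> $(tilde_target /root bin/static-rm)"
echo "HOME=/     -> $(tilde_target / bin/static-rm)"
sample_script | find_home_tilde
```

The same "~/bin/static-rm" word resolves under /root in one environment and under /bin in the other, which is why the lint reports both staging commands.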

Date: Wed, 8 Dec 1999 12:35:42 -0700
To: linux-security@redhat.com
From: Blair Lowe <Blair.Lowe@compeng.net>
Subject: IMAP security across the net.

Hi,

We are wondering if anyone knows the security features of IMAP. I know (at least I think I know;) that plain POPMAIL uses no encryption on the password, and that APOP provides some encryption.

Ideally we would like a secure system that is accessible from any laptop anywhere on the net.

Thanks,
Blair.

Computer Engineering Inc.
http://www.compeng.net
Phone: 780 499 5687 (9 - 5 MST)
Fax: 780 435 0693 (24 Hours)