SUSE Security Summary Report SUSE-SR:2004:005
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Summary Report
Announcement-ID: SUSE-SR:2004:005
Date: Tuesday, Dec 21st 2004 15:00 MEST
Cross References: CAN-2004-1079
Content of this advisory:
1) solved security vulnerabilities:
- ncpfs buffer overflow
2) pending vulnerabilities, solutions, workarounds:
- Sun and Blackdown Java
- new kernel problems
- squirrelmail cross site scripting
- acroread buffer overflow
- phpMyAdmin remote command execution
- wget file overwrite problems
- multiple php vulnerabilities
- multiple problems reported by djb
3) standard appendix (further information)
______________________________________________________________________________
1) solved security vulnerabilities
To avoid spamming lists with advisories for every small incident,
we will release weekly summary advisories for issues where we have
released updates without a full advisory. Since these are minor
issues, md5sums and ftp URLs are not included.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- ncpfs
A buffer overflow in the command line parameter handling of the
ncplogin and ncpmap tools could be used by a local attacker who is
also a member of the "trusted" group to gain root access. Since the
users in the "trusted" group are usually the ones having root
access, this is not considered a huge problem.
This is tracked by the Mitre CVE ID CAN-2004-1079.
All SUSE Linux based products are affected.
The SUSE Security Team wishes you a merry Christmas and a Happy New
Year 2005!
______________________________________________________________________________
2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- Sun Java Plugin
A privilege escalation problem was found in the Sun Java Plugin
which could allow a remote attacker to read and write files of
a local user browsing websites.
This bug affects all SUSE versions on the Intel x86 and AMD64 /
Intel Extended Memory Architecture (EM64T) platforms.
We are in the process of releasing updated Java packages.
- kernel
Several more problems have been found in the Linux 2.4 and 2.6
kernels:
- A race condition in unix_dgram_recvmsg() could allow
a local attacker to overwrite kernel memory and gain root
access. This was reported by Paul Starzetz.
This is tracked by the Mitre CVE ID CAN-2004-1068.
- Problems in IGMP ioctl processing can allow a local attacker
to crash the machine. This was assigned the Mitre CVE ID
CAN-2004-1137.
- A local denial of service problem using badly formed ELF executables,
where it was possible for a local attacker to crash the machine
by using handcrafted ELF binaries.
- An integer overflow in the cmsg handling of sendmsg could
lead to a local attacker being able to halt / crash the machine.
This was found independently by Paul Starzetz and Georgi Guninski.
- Some more minor issues.
All SUSE Linux based products are affected and we are in the
process of preparing updated packages.
- samba
Several integer overflow problems have been identified in
Samba file sharing which could lead to a remote attacker
gaining access to the Samba server.
This issue is tracked by the Mitre CVE ID CAN-2004-1154.
We are in the process of preparing updates. All SUSE Linux
based products are affected.
- squirrelmail
A cross site scripting problem was found in squirrelmail.
This issue has been assigned Mitre CVE ID CAN-2004-1036.
We are in the process of evaluating affected distributions
and preparing updates.
- acroread
A buffer overflow problem was reported by iDEFENSE Security
in the Acrobat Reader for UNIX. Mitre has assigned CVE ID
CAN-2004-1152 for this issue.
We are in the process of preparing updates. All SUSE Linux based
products are affected.
- phpMyAdmin
There is a remote code execution problem in phpMyAdmin. Mitre
has assigned CVE IDs CAN-2004-1147 and CAN-2004-1148.
SUSE Linux 9.0, 9.1, 9.2 are affected by this problem.
- wget
Multiple file overwrite problems and a directory traversal
problem were identified in the wget program, which allow
a prepared web server to reply to a wget request with data
that allows overwriting files, traversing into one directory
below the current one, and overwriting hidden files.
All SUSE Linux based products are affected.
- konqueror
The Konqueror web browser allows websites to load web pages into
a window or tab currently used by another website. This was
reported by Secunia Research.
Mitre has assigned the CVE ID CAN-2004-1158 to this issue.
All SUSE Linux based products are affected; we are preparing
updates for this problem.
- php
Multiple vulnerabilities were found in the php unserialize
functionality and other functions by Stefan Esser and others.
We are in the process of preparing updated packages.
All SUSE Linux based products are affected.
- multiple problems reported by djb
Daniel Bernstein held a course on vulnerabilities and had
his students audit existing UNIX software for potential
problems and vulnerabilities. The students discovered 44
flaws during this course.
Not all of those are serious enough to be released as a security
update; the SUSE Security Team is identifying the packages
that need an update and will release fixes for them.
All SUSE Linux based products are affected.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SUSE update packages are available on many mirror ftp servers all over
the world. While this service is considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently of each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
Marcus Meissner