Catching up with Debian

Opinion
Apr 29, 2004 | 5 mins
Networking, Security

* Patches from Debian, others
* Beware IRC-access Trojan horse that spreads via weakly protected network shares
* Backspin: The cost of spyware, and other interesting reading

Today’s bug patches and security alerts:

Debian has released roughly a dozen new patches over the past couple of weeks. We catch up with them here:

Debian Linux kernel updates

Three versions of Debian’s Linux kernel have been patched to fix a potential root exploit:

Linux 2.4.17 for the MIPS architecture:

https://www.debian.org/security/2004/dsa-491

Linux 2.4.17 for the PowerPC/apus and S/390 architectures:

https://www.debian.org/security/2004/dsa-489

Linux 2.4.18 for the i386 architecture:

https://www.debian.org/security/2004/dsa-479

Patch for xchat

A stack overflow in previous versions of XChat could be exploited by a remote user to run arbitrary code on the affected machine. An update is available to fix the flaw. For more, go to:

https://www.debian.org/security/2004/dsa-493

DoS flaw in iproute patched

Local users could exploit a flaw in iproute, a set of tools for controlling networking in Linux kernels, to cause a denial of service against the affected machine. For more, go to:

https://www.debian.org/security/2004/dsa-492

Update for logcheck

The Debian logcheck application creates temporary directories without regard to security. This could be exploited by a remote user to overwrite arbitrary files with root privileges. For more, go to:

https://www.debian.org/security/2004/dsa-488

Neon patch available

A number of format string vulnerabilities have been found in Neon, an HTTP and WebDAV client library. For more, go to:

https://www.debian.org/security/2004/dsa-487

Zope flaw patched

A vulnerability has been found in Zcatalog, a plug-in for the Zope open source application server. The flaw could be exploited by a remote user to call “methods of catalog indexes”. For more, go to:

https://www.debian.org/security/2004/dsa-490

Perl information leak fixed

According to an alert from Debian, “Paul Szabo discovered a number of similar bugs in suidperl, a helper program to run perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to discover information about files (such as testing for their existence and some of their permissions) that should not be accessible to unprivileged users.” This is an update from an earlier advisory:

https://www.debian.org/security/2004/dsa-431

Popular MySQL database patched

Temporary files created by two MySQL scripts are not properly deleted, allowing an attacker to exploit them in a symbolic link attack against the affected machine. This attack could be used to overwrite arbitrary files on the system. For more, go to:

https://www.debian.org/security/2004/dsa-483

Fix for xine-ui

A temporary file vulnerability has been found in xine, which could be exploited by a local user to overwrite arbitrary files. For more, go to:

https://www.debian.org/security/2004/dsa-477

Updated heimdal package available

This one is tough to explain, so we’ll let Debian do the talking: Heimdal, a suite of software implementing the Kerberos protocol, has “a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.” For more, go to:

https://www.debian.org/security/2004/dsa-476

Flaw in oftpd patched

An attacker can crash the oftpd anonymous FTP server daemon by specifying a large value in the PORT command. This could be exploited in a denial-of-service attack against the affected machine. For more, go to:

https://www.debian.org/security/2004/dsa-473

New fte package available

A flaw in the fte editor that runs in the Linux console makes it run only as root, which could be exploited by a malicious user. Debian recommends using the terminal version of fte instead. For more, go to:

https://www.debian.org/security/2004/dsa-472

**********

Today’s roundup of virus alerts:

Troj/Banker-S – A keylogging virus that captures keystrokes associated with Web browsing and e-mails them to a Russian e-mail address using a built-in SMTP engine. (Sophos)

W32/Agobot-MN – An IRC-access Trojan horse that spreads via weakly protected network shares. The virus also attempts to terminate certain security-related applications running on the infected machine. (Sophos)

VBS/Yarr-A – A Visual Basic script virus that overwrites the Windows Notepad application with a copy of the W32/Mimail-V worm. (Sophos)

**********

From the interesting reading department:

Backspin: The cost of spyware

If you’re starting to think these programs are dangerous, you’re right. They often slow down browsing and overall PC performance, can make your system unstable, and waste huge amounts of time and money. And on top of that, hacker-type spyware easily can bypass every bit of security you have, creating horrendous security problems. Network World, 04/26/04.

https://www.nwfusion.com/columnists/2004/0426backspin.html?nl

Nutter’s Help Desk: How to set up a VPN at home

Could you explain the process of setting up a VPN in a home network? Network World, 04/26/04.

https://www.nwfusion.com/columnists/2004/0426nutter.html?nl

Wireless Wizards: Can you block WLAN clients from receiving signals?

Is there a way to block or interrupt RF clients from receiving a signal while connected to a wired network? I would like to block the RF signal from reaching clients on a wired network in order to prevent a client from being attached to both the Internet and a private LAN. Is there a way to enforce this automatically on the clients? Network World, 04/26/04.

https://www.nwfusion.com/columnists/2004/0426wizards.html?nl