[Full-Disclosure] [TURBOLINUX SECURITY INFO] 07/Feb/2005

From: Turbolinux (security-announce_at_turbolinux.co.jp)
Date: 02/07/05

    Date: Mon, 7 Feb 2005 20:33:50 +0900
    To: security-announce@turbolinux.co.jp
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    This is an announcement-only email list for the x86 architecture.
    ============================================================
    Turbolinux Security Announcement 31/Jan/2005
    ============================================================

    The following page contains the security information of Turbolinux Inc.

     - Turbolinux Security Center
       http://www.turbolinux.com/security/

     (1) netpbm -> Symlink attack in netpbm may allow arbitrary file overwriting
     (2) webmin -> Multiple vulnerabilities exist in webmin
     (3) samba -> An integer overflow vulnerability exists in Samba

    ===========================================================
    * netpbm -> Symlink attack in netpbm may allow arbitrary file overwriting
    ===========================================================

     More information:
        The netpbm package contains a library of functions which support programs
        for handling various graphics file formats.

        A vulnerability in the manner in which netpbm handles temporary files
        could allow local users to overwrite arbitrary files via a symlink attack.

     Impact:
        This vulnerability could allow local attackers to overwrite arbitrary
        files via a symbolic link attack.
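     The bug class behind this entry, as an added example (not netpbm's or Turbolinux's code; the unsafe snippet, file names and helper names are constructed for illustration, not taken from netpbm's source): the predictable-name open that follows a planted symlink, beside two hardened forms, with a self-check that a planted link is refused and its target left intact.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The bug class: a predictable name opened with fopen("w") or open(O_CREAT)
 * without O_EXCL. A symlink a local user planted there is followed, so the
 * program's output lands in the link's target.  e.g. fopen("/tmp/x.tmp","w") */

/* Fix 1: O_EXCL fails if anything (even a dangling symlink) already exists at
 * 'path'; O_NOFOLLOW refuses a symlink in the final component. Returns fd/-1. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Fix 2 (preferred for temp files): mkstemp() picks an unpredictable name and
 * creates it O_CREAT|O_EXCL atomically; 'tmpl' must end in XXXXXX. Returns 1/0. */
int demo_private_tmpfile(void)
{
    char tmpl[] = "/tmp/advisory-demo-XXXXXX";   /* constructed prefix */
    struct stat sb;
    int fd = mkstemp(tmpl);
    int ok = fd >= 0 && fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode) && sb.st_uid == getuid();
    if (fd >= 0) { close(fd); unlink(tmpl); }
    return ok;
}

/* Plant a symlink in a private dir (standing in for the attacker's link in
 * /tmp) and check the safe open refuses it and leaves the target intact. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/advisory-demo-XXXXXX", victim[64], link[64];
    struct stat sb;
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/planted", dir);
    int held = 0, vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd >= 0 && write(vfd, "x", 1) == 1 && symlink(victim, link) == 0) {
        int fd = create_exclusive(link);       /* must fail, not follow the link */
        held = fd < 0 && stat(victim, &sb) == 0 && sb.st_size == 1;
        if (fd >= 0) close(fd);
    }
    if (vfd >= 0) close(vfd);
    unlink(link); unlink(victim); rmdir(dir);
    return held;
}
```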

     Affected Products:
        - Turbolinux 8 Server
        - Turbolinux 8 Workstation
        - Turbolinux 7 Server
        - Turbolinux 7 Workstation

     Solution:
        Please use the turbopkg (zabom) tool to apply the update.
     ---------------------------------------------
     # turbopkg
     or
     # zabom update netpbm netpbm-devel netpbm-progs
     ---------------------------------------------

     <Turbolinux 8 Server>

       Source Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/netpbm-9.25-3.src.rpm
          2065779 d09e323fd80d75f155ccd08f28702f6e

       Binary Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-9.25-3.i586.rpm
            98115 83309ca9209bdea0cf5a32e92980075b
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-devel-9.25-3.i586.rpm
           114415 65f426ba58c638d3b8eedfca5df43909
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/netpbm-progs-9.25-3.i586.rpm
          1150412 3e39bc0b01c94b0263dd8ba23dbed0aa

     <Turbolinux 8 Workstation>

       Source Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/netpbm-9.25-3.src.rpm
          2065779 e3e9752805ac8b9fad72f164de75886e

       Binary Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-9.25-3.i586.rpm
            98171 6f92aebe81941383c6226c1504fbccc9
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-devel-9.25-3.i586.rpm
           114479 988291608ed6aeae3e15457d3a3a84ee
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/netpbm-progs-9.25-3.i586.rpm
          1149972 6089152aca6eb219dbc190ec24889529

     <Turbolinux 7 Server>

       Source Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/netpbm-9.14-2.src.rpm
          2099125 e055878b9d5f6de0512b1ea7bdb2ef9d

       Binary Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-9.14-2.i586.rpm
            82255 46dd4127b57532ef0ef848e1f79d05ac
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-devel-9.14-2.i586.rpm
           104175 5de813b7c6c018dae8aadf23ecbb4bb9
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/netpbm-progs-9.14-2.i586.rpm
          1058389 febc163587b87fb597cc3ece59b60af2

     <Turbolinux 7 Workstation>

       Source Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/netpbm-9.14-2.src.rpm
          2099125 50b5b0ae40301739b06a50c287a19b09

       Binary Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-9.14-2.i586.rpm
            82263 a2b1ca87c21f79fd345f480c577cef9e
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-devel-9.14-2.i586.rpm
           104255 f77a4e19f384961233710e95aa2c472c
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/netpbm-progs-9.14-2.i586.rpm
          1058246 542389d46332d97e4b493bb953578777

     References:

     CVE
       [CAN-2003-0924]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924

    ===========================================================
    * webmin -> Multiple vulnerabilities exist in webmin
    ===========================================================

     More information:
        Webmin is a web-based administration interface for Unix systems.
        Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems
        and more using your web browser.

        Multiple vulnerabilities exist in Webmin:
        - A script in Usermin allows local users to overwrite arbitrary files
          at install time via a symlink attack on the /tmp/.usermin directory.
        - Webmin allows remote attackers to bypass access control rules and gain
          read access to configuration information for certain modules.
        - The account lockout functionality in webmin does not parse certain
          character strings, which allows remote attackers to conduct a brute
          force attack to guess user IDs and passwords.

     Impact:
        These vulnerabilities may allow local attackers to overwrite arbitrary
        files via a symbolic link attack, and remote attackers to bypass access
        control rules and brute-force user IDs and passwords.

     Affected Products:
        - Turbolinux 8 Server
        - Turbolinux 8 Workstation
        - Turbolinux 7 Server

     Solution:
        Please use the turbopkg (zabom) tool to apply the update.
     ---------------------------------------------
     # turbopkg
     or
     # zabom update webmin
     ---------------------------------------------

     <Turbolinux 8 Server>

       Source Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/webmin-1.070-3.src.rpm
          6930841 534de43ae0ad8830bb74896222b2eaf9

       Binary Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/webmin-1.070-3.noarch.rpm
          6035769 157751b22142bf504e3a943a3a60f824

     <Turbolinux 8 Workstation>

       Source Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/webmin-1.070-3.src.rpm
          6930841 c80b3687b01f8f65b9db46bf10368e53

       Binary Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/webmin-1.070-3.noarch.rpm
          6034650 dd4e791efcbecc9189f5dd728dee6b08

     <Turbolinux 7 Server>

       Source Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/webmin-1.070-3.src.rpm
          6930841 fbe7a9612533a0efbeba086ea9ef0609

       Binary Packages
       size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/webmin-1.070-3.noarch.rpm
          6057465 69c1a46d1a5ddcec6901132b8309bf65

     References:

     CVE
       [CAN-2004-0559]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0559
       [CAN-2004-0582]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0582
       [CAN-2004-0583]
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0583

    ===========================================================
    * samba -> An integer overflow vulnerability exists in Samba
    ===========================================================

     More information:
        Samba is an Open Source/Free Software suite that provides seamless file
        and print services to SMB/CIFS clients. Samba is freely available,
        unlike other SMB/CIFS implementations, and allows for interoperability
        between Linux/Unix servers and Windows-based clients.

        Integer overflow vulnerabilities have been discovered in Samba.

     Impact:
        This vulnerability can allow remote attackers to execute arbitrary code
        via certain SMB requests.

     Affected Products:
        - Turbolinux Appliance Server 1.0 Hosting Edition
        - Turbolinux 10 Server
        - Turbolinux Home
        - Turbolinux 10 F...
        - Turbolinux 10 Desktop
        - Turbolinux 8 Server
        - Turbolinux 8 Workstation
        - Turbolinux 7 Server
        - Turbolinux 7 Workstation

     Solution:
        Please use the turbopkg (zabom) tool to apply the update.
     ---------------------------------------------
     [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F...,
      Turbolinux Home]
     # turbopkg
     or
     # zabom -u samba samba-debug samba-devel samba-python smbfs

     [other]
     # turbopkg
     or
     # zabom update samba samba-devel smbfs
     ---------------------------------------------

     <Turbolinux Appliance Server 1.0 Hosting Edition>

       Source Packages
       Size: MD5

       samba-2.2.7a-14jaJP.src.rpm
          7216406 e9173c3c781b4ecd39d93de572b497d2

       Binary Packages
       Size: MD5

       samba-2.2.7a-14jaJP.i586.rpm
         11182740 0228cf921d171ab30b557c3ba33f40c7
       samba-devel-2.2.7a-14jaJP.i586.rpm
           502004 987ec605e854963df377ebd5a3d11e69
       smbfs-2.2.7a-14jaJP.i586.rpm
           633806 50bef9fdaeb2a56bfb73cf81dc721fbb

     <Turbolinux 10 Server>

       Source Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/samba-3.0.6-13.src.rpm
         15053246 e73d926f67f0974baf7c47855f1bc478

       Binary Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-3.0.6-13.i586.rpm
         24905516 427a07abcb7f9c73e42cbe4b14779624
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-debug-3.0.6-13.i586.rpm
          2914710 75bd348d0e5a1dbd7d418483ee231234
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-devel-3.0.6-13.i586.rpm
           750624 462200f1ab9014d49001d70305c587a1
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-python-3.0.6-13.i586.rpm
          4042407 559f002308ae764f317ff7837de65ab0
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/smbfs-3.0.6-13.i586.rpm
           245829 a29a85a4dd1fb7a1a38eccb3b9551fef

     <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

       Source Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/samba-2.2.7a-14jaJP.src.rpm
          7216406 9421b2bc1f8a5c5ea9b121d3d45c18ef

       Binary Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-2.2.7a-14jaJP.i586.rpm
         11187180 171ae9311e71af58c1025bf0e514c347
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-devel-2.2.7a-14jaJP.i586.rpm
           514384 1d0e1ae587ffcdc4b3ec701046ab2923
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/smbfs-2.2.7a-14jaJP.i586.rpm
           642601 f9d5a2b8e95a153f0e9a0145dfe6df01

     <Turbolinux 8 Server>

       Source Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/samba-2.2.7a-14jaJP.src.rpm
          7216406 3bcd892bfd626df774c9fb340871ddb7

       Binary Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-2.2.7a-14jaJP.i586.rpm
         11192012 5b11473f3e4083f5f8ff6bbf19100abd
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-devel-2.2.7a-14jaJP.i586.rpm
           502377 c0dd012ca459803830d5d43e4b4c2d14
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/smbfs-2.2.7a-14jaJP.i586.rpm
           635090 61520281f2f8797c6c1266c27df9dca5

     <Turbolinux 8 Workstation>

       Source Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/samba-2.2.7a-14jaJP.src.rpm
          7216406 a821c695771cf4e78efda62ae147a411

       Binary Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/samba-2.2.7a-14jaJP.i586.rpm
         11190948 4246a03c067bae3f24ee0c06cfaf1bb0
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/samba-devel-2.2.7a-14jaJP.i586.rpm
           501206 e72960ffa0126e293391986af1519251
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/smbfs-2.2.7a-14jaJP.i586.rpm
           632378 34c694b001f4671a506d16fcd4a27b06

     <Turbolinux 7 Server>

       Source Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/samba-2.2.7a-14jaJP.src.rpm
          7216406 35092fdb1ad80c96f8732f3ba95c04e4

       Binary Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/samba-2.2.7a-14jaJP.i586.rpm
         11035567 0930ccd99a51e795cf385783205cd41b
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/samba-devel-2.2.7a-14jaJP.i586.rpm
           495574 99a444a38d227742fd215588fa9a833b
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/smbfs-2.2.7a-14jaJP.i586.rpm
           615525 092ee149e216d7e49f9bab6b06c34d7c

     <Turbolinux 7 Workstation>

       Source Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/samba-2.2.7a-14jaJP.src.rpm
          7216406 6c32c025bcaaabbb917fcf0bd47f79c6

       Binary Packages
       Size: MD5

       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/samba-2.2.7a-14jaJP.i586.rpm
         11035447 c362d4d8a874b2b10c65d5c40c34dcbf
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/samba-devel-2.2.7a-14jaJP.i586.rpm
           495731 6be170456280eaef09060937582ce12f
       ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/smbfs-2.2.7a-14jaJP.i586.rpm
           615062 f9289151962bf203a88b674ef82ef43c

     References:

     CVE
       [CAN-2004-1154]
       http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1154

     * You may need to update the turbopkg tool before applying the update.
       Please refer to the following URLs for detailed information.

      http://www.turbolinux.com/download/zabom.html
      http://www.turbolinux.com/download/zabomupdate.html

    Package Update Path
    http://www.turbolinux.com/update/

    ============================================================
     * To obtain the public key

    Here is the public key

     http://www.turbolinux.com/security/

     * To unsubscribe from the list

    If you ever want to remove yourself from this mailing list,
      you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
    the word `unsubscribe' in the body (don't include the quotes).

    unsubscribe

     * To change your email address

    If you ever want to change your email address on this mailing list,
      you can send a message to <server-users-e-ctl@turbolinux.co.jp> with
    the following command in the message body:

      chaddr 'old address' 'new address'

    If you have any questions or problems, please contact
    <supp_info@turbolinux.co.jp>

    Thank you!

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.6 (GNU/Linux)

    iD8DBQFCB1IiK0LzjOqIJMwRAr93AKCTk3EpeSXRUMC5e/Y3xWmkFkaEsACgsFM3
    H81wFH0zzuyoY4E29k9z4vM=
    =yHbr
    -----END PGP SIGNATURE-----

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

