[2343] in linux-security and linux-alert archive
[linux-security] Re: [RHSA-2000:028-02] Netscape 4.73 available
daemon@ATHENA.MIT.EDU (Jean-Mario)
Sun May 28 05:27:24 2000
Message-ID: <008801bfc7e0$77cd2cc0$6400a8c0@icerealm>
From: "Jean-Mario" <jmcharest@sympatico.ca>
To: <jmcharest@sympatico.ca>
Cc: <linux-security@redhat.com>, <bugtraq@securityfocus.com>
Date: Sat, 27 May 2000 09:35:36 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Resent-From: linux-security@redhat.com
----- Original Message -----
From: <bugzilla@redhat.com>
To: <redhat-watch-list@redhat.com>
Cc: <linux-security@redhat.com>; <bugtraq@securityfocus.com>
Sent: Friday, May 19, 2000 8:11 PM
Subject: [RHSA-2000:028-02] Netscape 4.73 available
> ---------------------------------------------------------------------
> Red Hat, Inc. Security Advisory
>
> Synopsis: Netscape 4.73 available
> Advisory ID: RHSA-2000:028-02
> Issue date: 2000-05-19
> Updated on: 2000-05-19
> Product: Red Hat Linux
> Keywords: netscape SSL telnet rlogin
> Cross references:
http://www.securityfocus.com/vdb/bottom.html?section=discussion&vid=1188
> ---------------------------------------------------------------------
>
> 1. Topic:
>
> Netscape 4.73 packages are available. These new packages fix
> bugs in SSL certificate validation; these bugs could allow
> for the compromising of encrypted SSL sessions.
>
> It is recommended that all users of Netscape update to the new packages.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 5.2 - i386
> Red Hat Linux 6.2 - i386 alpha
>
> 3. Problem description:
>
> The description of the vulnerability, taken from
> http://www.securityfocus.com/:
> --
> An attacker poisons a nameserver to redirect all
> connections to www.goodguy.com, normally
> 100.100.100.100, to 99.99.99.99, www.badguy.com.
>
> The attacker causes all normal http requests to return
> what they normally would on www.goodguy.com, even though
> a user attempting to contact www.goodguy.com hits
> www.badguy.com.
>
> Upon getting a hit to www.badguy.com, the attacker
> causes an SSL connection to be established. This can be
> done by embedding a small image. The user may or may not
> get a warning about establishing a secure connection --
> this warning is on by default, although many users will
> choose to disable this warning. The attacker needs to
> use a legitimate SSL key, certified by someone listed as
> trustworthy (thwate.com, for instance)
>
> The user can continue to shop to their hearts content,
> on the real site, as it's being proxied.
>
> When the user decides to check out, it will attempt to
> establish an SSL connection to www.goodguy.com. Upon
> checking the ip address for www.goodguy.com, for
> establishing an SSL connection, it will note that an SSL
> connection already exists to it's IP. The key, however,
> was issued to www.badguy.com. The SSL connection will be
> established, and by all indications appear to go to
> www.goodguy.com, when in fact it is to www.badguy.com.
>
> This could be used by a would be attacker to steal
> information such as credit cards, or any other
> information protected by SSL.
> ---
>
> Another minor vulnerability exists in current versions
> of Netscape; by default, netscape will respond to
> rlogin: and telnet: URLs by launching a helper application
> of the appropriate type. It is possible that when following URLs
> of these types that certain information about the local
> user (user name, environment settings) can be exposed to
> a remote host. To change the default associations to avoid
> this, users can go to Edit->Preferences, and choose
> Communicator->Applications. Then, change the default
> commands associated with 'telnet' and 'rlogin' to something
> that does not open up a connection to the remote host,
> for example, simply 'xterm'.
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>
> rpm -Fvh [filename]
>
> where filename is the name of the RPM.
>
> For Red Hat Linux 5.0 and 5.1, use the Red Hat Linux 5.2
> packages. For Red Hat Linux 6.0 and 6.1, use the Red Hat Linux
> 6.2 packages.
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> 11379 - Netscape 4.73 release for security problems in 4.72
>
>
> 6. RPMs required:
>
> Red Hat Linux 5.2:
>
> intel:
> ftp://ftp.redhat.com/5.2/i386/netscape-common-4.73-0.5.2.i386.rpm
> ftp://ftp.redhat.com/5.2/i386/netscape-navigator-4.73-0.5.2.i386.rpm
> ftp://ftp.redhat.com/5.2/i386/netscape-communicator-4.73-0.5.2.i386.rpm
>
> sources:
> ftp://ftp.redhat.com/5.2/SRPMS/netscape-4.73-0.5.2.src.rpm
>
> Red Hat Linux 6.2:
>
> intel:
> ftp://ftp.redhat.com/6.2/i386/netscape-common-4.73-1.i386.rpm
> ftp://ftp.redhat.com/6.2/i386/netscape-navigator-4.73-1.i386.rpm
> ftp://ftp.redhat.com/6.2/i386/netscape-communicator-4.73-1.i386.rpm
>
> alpha:
> ftp://ftp.redhat.com/6.2/alpha/netscape-common-4.73-1.alpha.rpm
> ftp://ftp.redhat.com/6.2/alpha/netscape-navigator-4.73-1.alpha.rpm
> ftp://ftp.redhat.com/6.2/alpha/netscape-communicator-4.73-1.alpha.rpm
>
> sources:
> ftp://ftp.redhat.com/6.2/SRPMS/netscape-4.73-1.src.rpm
> ftp://ftp.redhat.com/6.2/SRPMS/netscape-alpha-4.73-1.src.rpm
>
> 7. Verification:
>
> MD5 sum Package Name
> --------------------------------------------------------------------------
> 3e881194baf12d2d7e761a63041ba404 5.2/SRPMS/netscape-4.73-0.5.2.src.rpm
> 52498e09827f5e854f99e320e2923fc4
5.2/i386/netscape-common-4.73-0.5.2.i386.rpm
> 1e15dfb4454c36e7352cd1803974f871
5.2/i386/netscape-communicator-4.73-0.5.2.i386.rpm
> 703a4a0b80ca0c45967cb8cc569b0600
5.2/i386/netscape-navigator-4.73-0.5.2.i386.rpm
> a83932536aef2837be8733621c3415d0 6.2/SRPMS/netscape-4.73-1.src.rpm
> bb79a4d70ebc7ab6cd91c04fbb951ca8 6.2/SRPMS/netscape-alpha-4.73-1.src.rpm
> e800a7af7c20be924469aedb75ad807f
6.2/alpha/netscape-common-4.73-1.alpha.rpm
> 9502f4ec6d2c99f8f61329898f31450f
6.2/alpha/netscape-communicator-4.73-1.alpha.rpm
> d812be498d83e19dba903282c8805ee2
6.2/alpha/netscape-navigator-4.73-1.alpha.rpm
> de054f11902c5777446baff909da817c 6.2/i386/netscape-common-4.73-1.i386.rpm
> d3825c0c61838da0b35570fb0dc7e743
6.2/i386/netscape-communicator-4.73-1.i386.rpm
> aea9965093a8202196f637e8385035d9
6.2/i386/netscape-navigator-4.73-1.i386.rpm
>
> These packages are GPG signed by Red Hat, Inc. for security. Our key
> is available at:
> http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
> rpm --checksig <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
> rpm --checksig --nogpg <filename>
>
> 8. References:
>
> N/A
>
>
>
>
> --
> To unsubscribe: mail redhat-watch-list-request@redhat.com with
> "unsubscribe" as the Subject.
>
>
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
