
Tuesday, November 07, 2006


SecurityFocus Linux Newsletter #311
----------------------------------------

This Issue is Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of sensitive data - including personal, medical and financial information - are exchanged and stored. This paper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download Watchfire's "Web Application Security: Automated Scanning or Manual Penetration Testing?" whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YSk

------------------------------------------------------------------
I. FRONT AND CENTER
1. Using Nepenthes Honeypots to Detect Common Malware
2. Employee Privacy, Employer Policy
II. LINUX VULNERABILITY SUMMARY
1. Yukihiro Matsumoto Ruby CGI Module MIME Denial Of Service Vulnerability
2. Vilistextum Remote Denial of Service and Buffer Overflow Vulnerabilities
3. X.Org X Window Server LibX11 Xinput File Descriptor Leak Vulnerability
4. Linux Kernel IPV6 Seqfile Handling Local Denial of Service Vulnerability
5. Linux Kernel SquashFS Double Free Denial of Service Vulnerability
6. ELOG EL_Submit Function Remote Format String Vulnerability
7. PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities
8. PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
9. ELOG Nonexistent File Download Cross-Site Scripting Vulnerability
10. ELOG Multiple Cross-Site Scripting Vulnerabilities
11. Acme Thttpd Insecure Temporary Logfile Creation Vulnerability
12. IMlib2 Library Multiple Image Format Arbitrary Code Execution Vulnerabilities
13. LibRPM Query Report Arbitrary Code Execution Vulnerability
14. Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
15. Linux Kernel ISO9660 Denial of Service Vulnerability
16. Xoops NewList.PHP Cross-Site Scripting Vulnerability
17. OWFS Owserver File Path Denial of Service Vulnerability
18. Linux Kernel Multiple IPV6 Packet Filtering Bypass Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Vulnerability Assessment of a EAL 4 system
2. Detecting brute force attacks
3. Detecting Brute-Force and Dictionary attacks
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Using Nepenthes Honeypots to Detect Common Malware
By Jamie Riden
This article describes the use of Nepenthes, a low-interaction honeypot, as an additional layer of network defense. Nepenthes can be used to capture malware, alert an administrator about a network compromise, and assist in containing and removing the infection.
http://www.securityfocus.com/infocus/1880

2. Employee Privacy, Employer Policy
By Kelly Martin
Following the 2006 International Virus Bulletin Conference, Kelly Martin takes a look at the profit motives of the cyber criminals behind modern viruses, targeted trojans, phishing scams and botnet attacks that are stealing millions from organizations and individuals.
http://www.securityfocus.com/columnists/419


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Yukihiro Matsumoto Ruby CGI Module MIME Denial Of Service Vulnerability
BugTraq ID: 20777
Remote: Yes
Date Published: 2006-10-28
Relevant URL: http://www.securityfocus.com/bid/20777
Summary:
Ruby is prone to a remote denial-of-service vulnerability because the application's CGI module fails to properly handle specific HTTP requests that contain invalid information.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected Ruby CGI Module.

2. Vilistextum Remote Denial of Service and Buffer Overflow Vulnerabilities
BugTraq ID: 20813
Remote: Yes
Date Published: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20813
Summary:
Vilistextum is prone to multiple remote vulnerabilities. The first issue is a memory leak; the second issue is an off-by-one buffer overflow.

Exploiting these vulnerabilities may allow remote attackers to execute arbitrary machine code in the context of the affected application or to crash the application, denying service to users.

Note that a successful exploit requires that unsuspecting victims use the affected utility to process attacker-supplied files.

Vilistextum versions prior to 2.6.9 are vulnerable to these issues.

3. X.Org X Window Server LibX11 Xinput File Descriptor Leak Vulnerability
BugTraq ID: 20845
Remote: No
Date Published: 2006-11-01
Relevant URL: http://www.securityfocus.com/bid/20845
Summary:
X.Org X Window Server libX11 library 'Xinput' module is prone to a file-descriptor leak due to a design error.

The vulnerability arises because the application fails to close a file descriptor after file operations. An attacker can exploit this issue to open files with elevated privileges.

Versions 1.0.2 and 1.0.3 of libX11 are reported affected; other versions may be affected as well.

4. Linux Kernel IPV6 Seqfile Handling Local Denial of Service Vulnerability
BugTraq ID: 20847
Remote: No
Date Published: 2006-11-01
Relevant URL: http://www.securityfocus.com/bid/20847
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the way seqfiles are handled in the kernel.

This vulnerability allows local users to cause an infinite loop, resulting in a crash and denying further service to legitimate users.

This issue affects the Linux kernel 2.6 series up to 2.6.18-stable.

5. Linux Kernel SquashFS Double Free Denial of Service Vulnerability
BugTraq ID: 20870
Remote: No
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20870
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

6. ELOG EL_Submit Function Remote Format String Vulnerability
BugTraq ID: 20876
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20876
Summary:
ELOG is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users running the affected application. This facilitates the remote compromise of affected computers.

ELOG version 2.0.2 is vulnerable to this issue.

7. PHP HTMLEntities HTMLSpecialChars Buffer Overflow Vulnerabilities
BugTraq ID: 20879
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20879
Summary:
PHP is prone to multiple buffer-overflow vulnerabilities because it fails to effectively bounds-check user-supplied input before copying it to an insufficiently sized buffer.

An attacker could exploit these issues to have arbitrary code execute in the context of an affected webserver. This may lead to the compromise of the webserver. Failed exploit attempts could cause denial-of-service conditions, denying access to legitimate users.

Only limited information is available regarding these issues. This BID will be updated as more information becomes available.

PHP 5 is vulnerable to these issues.

NOTE: The affected functions are employed by a large number of popular PHP libraries. As a result, there are many PHP applications affected by this issue.

8. PADL Software Pam_Ldap PasswordPolicyResponse Authentication Bypass Vulnerability
BugTraq ID: 20880
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20880
Summary:
The pam_ldap module is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to bypass authentication. This occurs in applications using pam_ldap authentication for locked-out accounts.

9. ELOG Nonexistent File Download Cross-Site Scripting Vulnerability
BugTraq ID: 20881
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20881
Summary:
ELOG is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ELOG version 2.6.2 is vulnerable; other versions may also be affected.

10. ELOG Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 20882
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20882
Summary:
ELOG is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ELOG version 2.6.2 is vulnerable; other versions may also be affected.

11. Acme Thttpd Insecure Temporary Logfile Creation Vulnerability
BugTraq ID: 20891
Remote: No
Date Published: 2006-11-03
Relevant URL: http://www.securityfocus.com/bid/20891
Summary:
thttpd creates temporary log files in an insecure manner.

An attacker with local access could potentially exploit this issue to overwrite files in the context of the Web server process.

A successful exploit would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

Versions prior to 2.23 beta 1 are vulnerable.

12. IMlib2 Library Multiple Image Format Arbitrary Code Execution Vulnerabilities
BugTraq ID: 20903
Remote: Yes
Date Published: 2006-11-04
Relevant URL: http://www.securityfocus.com/bid/20903
Summary:
The imlib2 Library is prone to arbitrary code-execution vulnerabilities.

An attacker can exploit these issues to execute arbitrary machine code with the privileges of the currently logged-in user.

13. LibRPM Query Report Arbitrary Code Execution Vulnerability
BugTraq ID: 20906
Remote: Yes
Date Published: 2006-11-04
Relevant URL: http://www.securityfocus.com/bid/20906
Summary:
The 'librpm' library is prone to an arbitrary code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary machine code with the privileges of the currently logged-in user or to crash the affected application.

14. Essentia Web Server GET And HEAD Requests Remote Buffer Overflow Vulnerability
BugTraq ID: 20910
Remote: Yes
Date Published: 2006-11-07
Relevant URL: http://www.securityfocus.com/bid/20910
Summary:
Essentia Web Server is prone to a stack-based buffer overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the webserver. Failed exploit attempts will result in a denial-of-service.

This issue affects version 2.15; other versions may also be affected.

This issue may be related to the issue described in BID 4159 (Essentia Web Server Long URL Buffer Overflow Vulnerability).

15. Linux Kernel ISO9660 Denial of Service Vulnerability
BugTraq ID: 20920
Remote: No
Date Published: 2006-11-05
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue affects the ISO9660 filesystem handling code.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

16. Xoops NewList.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 20927
Remote: Yes
Date Published: 2006-11-06
Relevant URL: http://www.securityfocus.com/bid/20927
Summary:
Xoops is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 1.0 is vulnerable; other versions may also be affected.

17. OWFS Owserver File Path Denial of Service Vulnerability
BugTraq ID: 20953
Remote: Yes
Date Published: 2006-11-07
Relevant URL: http://www.securityfocus.com/bid/20953
Summary:
OWFS Owserver is prone to a denial-of-service issue.

An attacker can exploit this issue to crash the affected server, denying service to legitimate users.

This issue affects version 2.5p5; other versions may also be affected.

18. Linux Kernel Multiple IPV6 Packet Filtering Bypass Vulnerabilities
BugTraq ID: 20955
Remote: Yes
Date Published: 2006-11-07
Relevant URL: http://www.securityfocus.com/bid/20955
Summary:
The Linux kernel is prone to multiple IPv6 packet filtering bypass vulnerabilities because of insufficient handling of fragmented packets.

An attacker could exploit these issues to bypass ip6_table filtering rules. This could result in a false sense of security because filtering rules set up by system administrators can be bypassed in order to access services which are otherwise protected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Vulnerability Assessment of a EAL 4 system
http://www.securityfocus.com/archive/91/450261

2. Detecting brute force attacks
http://www.securityfocus.com/archive/91/449686

3. Detecting Brute-Force and Dictionary attacks
http://www.securityfocus.com/archive/91/449157

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire

