Wednesday, March 14, 2007

SecurityFocus Linux Newsletter #328
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

Hacking With Ajax - On-demand Webcast
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Watch this FREE SPI Dynamics webcast for tips on protecting your applications.

https://download.spidynamics.com/1/ad/AJAXw.asp?Campaign_ID=70160000000CjtG


------------------------------------------------------------------
I. FRONT AND CENTER
1. Blanket Discovery for Stolen Laptops
II. LINUX VULNERABILITY SUMMARY
1. GnuPG Signed Message Arbitrary Content Injection Weakness
2. PHP WDDX_Deserialize Buffer Overflow Vulnerability
3. PHP WDDX Session Deserialization Information Leak Vulnerability
4. KDE Konqueror JavaScript IFrame Denial of Service Vulnerability
5. Linux Kernel Sys_Tee Local Privilege Escalation Vulnerability
6. Mozilla Firefox Javascript URI Remote Code Execution Vulnerability
7. Asterisk SIP Channel Driver Remote Denial of Service Vulnerability
8. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
9. Silc Server New Channel Remote Denial Of Service Vulnerability
10. Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11. Util-Linux Umount Filesystem NULL Pointer Dereference Vulnerability
12. Radscan Conquest Multiple Remote Vulnerabilities
13. Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow Vulnerability
14. Snort Inline Fragmentation Denial of Service Vulnerability
15. PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
16. Plash Shell Command Injection Vulnerability
17. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
18. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
19. KTorrent Multiple Remote Vulnerabilities
20. Xine DirectShow Loader Remote Buffer Overflow Vulnerability
21. Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer Dereference Vulnerabilities
22. PHProjekt Multiple SQL Injection Vulnerabilities
23. PHProjekt Arbitrary File Upload Vulnerability
24. Adobe JRun Unspecified Denial Of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. GnuPG Signed Message Arbitrary Content Injection Weakness
BugTraq ID: 22757
Remote: Yes
Date Published: 2007-03-05
Relevant URL: http://www.securityfocus.com/bid/22757
Summary:
GnuPG is prone to a weakness that may allow an attacker to add arbitrary content into a message without the end user knowing.

An attacker may be able to exploit this issue in applications using GnuPG to add arbitrary content into a signed and/or encrypted message.

Exploiting this issue depends on the individual application's use of GnuPG. Individual records will be created detailing this issue in affected applications.
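The weakness above is an application-side one: gpg reports GOODSIG and exits successfully as soon as it finds a valid signature, but a message can also carry literal data that no signature covers, and an application that simply shows everything gpg wrote out displays the unsigned part as if it were signed. The following is an added example written for this newsletter entry, not GnuPG's own API and not code from any project named here. It reads gpg's machine-readable --status-fd records and accepts a result only when exactly one PLAINTEXT record is present, exactly one GOODSIG follows it, and no error record appears; the status streams are constructed for the example, and the gpg invocation in verify_signed_file is an assumed one.

```python
"""Accept a gpg GOODSIG only when it covers the one and only plaintext."""

import subprocess
from dataclasses import dataclass, field

STATUS_PREFIX = "[GNUPG:] "

# Status keywords that mean verification did not succeed cleanly.
ERROR_KEYWORDS = {"BADSIG", "ERRSIG", "NODATA", "UNEXPECTED"}


@dataclass
class StatusSummary:
    plaintexts: int = 0          # PLAINTEXT records, one per literal data packet
    good_sigs: int = 0           # GOODSIG records
    errors: list = field(default_factory=list)
    order: list = field(default_factory=list)   # keywords in the order gpg emitted them


def parse_status(status_text):
    """Reduce --status-fd output to the facts the policy below needs."""
    summary = StatusSummary()
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue                      # not a status record, ignore
        fields = line[len(STATUS_PREFIX):].split()
        if not fields:
            continue
        keyword = fields[0]
        summary.order.append(keyword)
        if keyword == "PLAINTEXT":
            summary.plaintexts += 1
        elif keyword == "GOODSIG":
            summary.good_sigs += 1
        elif keyword in ERROR_KEYWORDS:
            summary.errors.append(keyword)
    return summary


def whole_message_signed(status_text):
    """True only when a single signature covers a single plaintext."""
    s = parse_status(status_text)
    if s.errors or s.plaintexts != 1 or s.good_sigs != 1:
        return False
    # The one GOODSIG must come after the one PLAINTEXT it covers.
    return s.order.index("PLAINTEXT") < s.order.index("GOODSIG")


def verify_signed_file(message_path, plaintext_path):
    """Run gpg with status records on stdout and the plaintext sent to a file.
    Assumed invocation: adjust the binary name and keyring options as needed."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--output", plaintext_path,
         "--decrypt", message_path],
        capture_output=True, text=True, check=False)
    return whole_message_signed(proc.stdout)


# Constructed status streams (not captured from a real gpg run).
# A normal signed message: one literal packet, then the signature over it.
CLEAN_STATUS = """\
[GNUPG:] PLAINTEXT 62 1173052800 message.txt
[GNUPG:] PLAINTEXT_LENGTH 41
[GNUPG:] SIG_ID 0000000000000000000000000000 2007-03-05 1173052800
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.invalid>
[GNUPG:] TRUST_FULLY
"""

# The same message with an unsigned literal packet appended: gpg still
# reports GOODSIG, but a second PLAINTEXT record appears with no signature.
INJECTED_STATUS = CLEAN_STATUS + """\
[GNUPG:] PLAINTEXT 62 1173052800 injected.txt
[GNUPG:] PLAINTEXT_LENGTH 17
"""
```

The point of counting PLAINTEXT records rather than trusting the exit code is that the exit code summarises the best signature gpg saw, not whether every byte it wrote out was under that signature.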

2. PHP WDDX_Deserialize Buffer Overflow Vulnerability
BugTraq ID: 22804
Remote: Yes
Date Published: 2007-03-04
Relevant URL: http://www.securityfocus.com/bid/22804
Summary:
PHP is prone to a remotely exploitable buffer-overflow vulnerability because it fails to properly check boundaries when processing client-supplied WDDX packets.

An attacker can exploit this issue to execute malicious code.

NOTE: This issue affects only the latest CVS release of PHP. The vulnerable code has not been released as part of an official PHP release at this time.

3. PHP WDDX Session Deserialization Information Leak Vulnerability
BugTraq ID: 22806
Remote: No
Date Published: 2007-03-05
Relevant URL: http://www.securityfocus.com/bid/22806
Summary:
PHP WDDX extension serialization handler is prone to a stack-information leak.

The vulnerability arises because of an improper initialization of a 'key_length' variable. A local attacker can exploit this issue to obtain sensitive information (such as stack offsets, variables, and canaries) that may aid in other attacks.

These versions are reported affected:

PHP4 versions prior to 4.4.5
PHP5 versions prior to 5.2.1

Updates are available.

NOTE: This issue was previously discussed in BID 22496, but has been assigned its own record because new information has become available.

4. KDE Konqueror JavaScript IFrame Denial of Service Vulnerability
BugTraq ID: 22814
Remote: Yes
Date Published: 2007-03-05
Relevant URL: http://www.securityfocus.com/bid/22814
Summary:
KDE Konqueror is prone to a remote denial-of-service vulnerability because of an error in KDE's JavaScript implementation.

An attacker may exploit this vulnerability to cause Konqueror to crash, resulting in denial-of-service conditions.

Konqueror included with KDE version 3.5.5 is vulnerable; other versions may also be affected.

5. Linux Kernel Sys_Tee Local Privilege Escalation Vulnerability
BugTraq ID: 22823
Remote: No
Date Published: 2007-03-05
Relevant URL: http://www.securityfocus.com/bid/22823
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to gain superuser privileges, facilitating the complete compromise of affected computers.

6. Mozilla Firefox Javascript URI Remote Code Execution Vulnerability
BugTraq ID: 22826
Remote: Yes
Date Published: 2007-03-05
Relevant URL: http://www.securityfocus.com/bid/22826
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability due to a design error.

Attackers may exploit this issue by enticing victims into visiting a malicious site.

Successful exploits may allow an attacker to crash the application or execute arbitrary code in the context of the affected application.

7. Asterisk SIP Channel Driver Remote Denial of Service Vulnerability
BugTraq ID: 22838
Remote: Yes
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22838
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

Asterisk versions prior to 1.2.16 and 1.4.1 are vulnerable to this issue.

8. Mozilla Thunderbird/Seamonkey Rich Text Integer Overflow Vulnerability
BugTraq ID: 22845
Remote: Yes
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22845
Summary:
Thunderbird and Seamonkey are prone to an integer-overflow vulnerability because they fail to handle excessively large specially formatted email messages.

A remote attacker can exploit this issue to execute arbitrary code; failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Thunderbird versions prior to 1.5.0.10 and Seamonkey versions prior to 1.0.8.

9. Silc Server New Channel Remote Denial Of Service Vulnerability
BugTraq ID: 22846
Remote: Yes
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22846
Summary:
SILC Server is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected server, effectively denying service to legitimate users.

This issue affects version 1.0.2; other versions may also be affected.

10. Apache mod_python Output Filter Mode Information Disclosure Vulnerability
BugTraq ID: 22849
Remote: Yes
Date Published: 2007-03-06
Relevant URL: http://www.securityfocus.com/bid/22849
Summary:
The Apache mod_python module is prone to an information-disclosure vulnerability because of a design error in the affected application.

An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.

11. Util-Linux Umount Filesystem NULL Pointer Dereference Vulnerability
BugTraq ID: 22850
Remote: No
Date Published: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22850
Summary:
Util-Linux 'umount' is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. The attacker may also be able to obtain sensitive information, including the contents of core files.

Util-Linux Umount implemented on Linux kernel 2.6.15 is reported vulnerable to this issue.

12. Radscan Conquest Multiple Remote Vulnerabilities
BugTraq ID: 22855
Remote: Yes
Date Published: 2007-03-07
Relevant URL: http://www.securityfocus.com/bid/22855
Summary:
Conquest is prone to multiple remotely exploitable vulnerabilities, including a stack-based buffer-overflow vulnerability and a memory-corruption vulnerability.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users.

These issues affect version 8.2a; prior versions may also be affected.

13. Linux Kernel Omnikey CardMan 4040 Driver Local Buffer Overflow Vulnerability
BugTraq ID: 22870
Remote: No
Date Published: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22870
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. Exploiting this vulnerability facilitates the complete compromise of affected computers.

Linux kernel versions prior to 2.6.21-rc3 are affected by this issue.

14. Snort Inline Fragmentation Denial of Service Vulnerability
BugTraq ID: 22872
Remote: Yes
Date Published: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22872
Summary:
Snort is prone to a denial-of-service vulnerability because the network intrusion-detection (NID) system fails to handle specially crafted network packets.

An attacker can exploit this issue to crash the application, allowing malicious network traffic to bypass the NID system.

This issue affects versions 2.6.1.1, 2.6.1.2, and 2.7.0(beta); other versions may also be affected.

NOTE: Reportedly, for this vulnerability to occur, Snort must be running Inline on Linux, with Frag3 enabled and ip_conntrack disabled.

15. PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
BugTraq ID: 22883
Remote: Yes
Date Published: 2007-03-08
Relevant URL: http://www.securityfocus.com/bid/22883
Summary:
PHP is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects PHP 5.2.0 and PHP with PECL ZIP <= 1.8.3.

16. Plash Shell Command Injection Vulnerability
BugTraq ID: 22892
Remote: Yes
Date Published: 2007-03-09
Relevant URL: http://www.securityfocus.com/bid/22892
Summary:
Plash is prone to a shell-command-injection vulnerability because the application fails to properly isolate executing binaries.

Successfully exploiting this issue allows attackers to escape the application's sandbox, potentially facilitating the remote compromise of targeted computers.

Plash version 1.17 is vulnerable to this issue; other versions may also be affected.

17. Linux Kernel BINFMT_ELF PT_INTERP Local Information Disclosure Vulnerability
BugTraq ID: 22903
Remote: No
Date Published: 2007-03-09
Relevant URL: http://www.securityfocus.com/bid/22903
Summary:
The Linux kernel is prone to a vulnerability in the Linux ELF binary loader. Exploiting this issue can allow local attackers to gain access to privileged information.

An attacker may be able to obtain sensitive data that can potentially be used to gain elevated privileges.

This issue is a variant of the vulnerability assigned CVE candidate ID CAN-2004-1073, which is documented in BID 11646.

Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are vulnerable; versions in the 2.4.0 branch may also be affected.

18. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
BugTraq ID: 22904
Remote: No
Date Published: 2007-03-09
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.

19. KTorrent Multiple Remote Vulnerabilities
BugTraq ID: 22930
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
KTorrent is prone to multiple remote vulnerabilities, including a directory-traversal vulnerability and an unspecified vulnerability when processing messages with invalid chunk indexes.

Very little information is known about one of these issues. This BID will be updated as soon as more information becomes available.

An attacker can exploit the directory-traversal issue to overwrite arbitrary files on the user's system. Presumably, the unspecified vulnerability when processing messages with invalid chunk indexes will allow attackers to execute arbitrary code or to cause a denial of service, but this has not been confirmed.

Versions prior to 2.1.2 are vulnerable to these issues.
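The directory-traversal issue above arises because a torrent's metainfo carries the file names the client will create, and a name containing ".." can place a write outside the download directory. The following is an added example for this entry, not KTorrent's code: it validates each path component of a torrent file entry on its own and then confirms the joined path still lies under the download directory. The file entries and the download directory are constructed for the example.

```python
"""Contain torrent file paths inside the download directory."""

import os

# Metainfo 'path' lists as a BitTorrent client reads them from the
# torrent's info dictionary. Constructed for this example.
SAMPLE_FILE_PATHS = [
    ["album", "track01.ogg"],                   # ordinary entry
    ["..", ".bashrc"],                          # climbs out of the download dir
    ["album", "..", "..", "authorized_keys"],   # climbs out after descending
    ["album/../../evil"],                       # separator smuggled inside one component
    [".ssh", ""],                               # empty trailing component
]


def resolve_torrent_path(download_dir, components):
    """Return the absolute path a file entry may be written to, or raise
    ValueError if the entry would land outside download_dir.

    Each component is validated on its own first; the commonpath check on
    the joined path is defence in depth in case a component rule is missed.
    Symlinks already present under download_dir are a separate concern and
    are not covered here.
    """
    if not components:
        raise ValueError("empty path list")
    base = os.path.realpath(download_dir)
    for part in components:
        if part in ("", ".", ".."):
            raise ValueError(f"rejected path component {part!r}")
        if "/" in part or "\\" in part or "\0" in part:
            raise ValueError(f"separator or NUL inside component {part!r}")
    target = os.path.normpath(os.path.join(base, *components))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("entry escapes the download directory")
    return target


def classify_torrent_files(download_dir, file_paths):
    """Map each entry (joined with '/') to its resolved target, or None if rejected."""
    results = {}
    for components in file_paths:
        key = "/".join(components)
        try:
            results[key] = resolve_torrent_path(download_dir, components)
        except ValueError:
            results[key] = None
    return results


if __name__ == "__main__":
    for entry, target in classify_torrent_files("/srv/ktorrent", SAMPLE_FILE_PATHS).items():
        print(f"{entry!r:45} -> {target or 'REJECTED'}")
```

Rejecting "." and ".." per component is what actually closes the hole; the commonpath comparison is there so that a future change to the component rules cannot silently reopen it.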

20. Xine DirectShow Loader Remote Buffer Overflow Vulnerability
BugTraq ID: 22933
Remote: Yes
Date Published: 2007-03-12
Relevant URL: http://www.securityfocus.com/bid/22933
Summary:
Xine is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied input into finite-sized buffers.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application and to compromise affected computers.

21. Linux Kernel Netfilter NFNetLink_Log Multiple NULL Pointer Dereference Vulnerabilities
BugTraq ID: 22946
Remote: No
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22946
Summary:
The Linux kernel is prone to multiple NULL-pointer dereference vulnerabilities.

A local attacker can exploit these issues to crash the affected kernel, denying service to legitimate users.

22. PHProjekt Multiple SQL Injection Vulnerabilities
BugTraq ID: 22955
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22955
Summary:
PHProjekt is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

PHProjekt versions 5.2.0 and prior are vulnerable to these issues.
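The entry above gives the cause (user input placed into a query without sanitisation) but not what that looks like, so here is an added example for this entry, not PHProjekt code: PHProjekt is a PHP application, but the mistake and its fix are the same in any language, so the example uses Python's sqlite3 module, which the reader can run without a database server. The table, rows and attacker payloads are constructed.

```python
"""The query-building mistake behind SQL injection, beside the bound-parameter fix."""

import sqlite3


def open_sample_db():
    """In-memory table standing in for a project-management app's data (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE projects (id INTEGER PRIMARY KEY, name TEXT NOT NULL, owner TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO projects (name, owner) VALUES (?, ?)",
        [("Website relaunch", "alice"), ("Payroll migration", "bob"), ("Audit 2007", "carol")])
    conn.commit()
    return conn


def projects_for_owner_vulnerable(conn, owner):
    """Builds the WHERE clause by string formatting: a quote in the owner
    value ends the literal and the rest of the value becomes SQL."""
    sql = "SELECT name FROM projects WHERE owner = '%s'" % owner
    return [row[0] for row in conn.execute(sql)]


def projects_for_owner_fixed(conn, owner):
    """Same query with a bound parameter: the value is data, never parsed as SQL."""
    sql = "SELECT name FROM projects WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


# Values an attacker would submit in the owner field (constructed).
PAYLOAD_BYPASS = "nobody' OR '1'='1"                               # widen the filter
PAYLOAD_UNION = "' UNION SELECT owner FROM projects WHERE '1'='1"   # read another column


def demo():
    """Run both query styles against legitimate and hostile input."""
    conn = open_sample_db()
    return {
        "legit_vulnerable": projects_for_owner_vulnerable(conn, "alice"),
        "legit_fixed": projects_for_owner_fixed(conn, "alice"),
        "bypass_vulnerable": projects_for_owner_vulnerable(conn, PAYLOAD_BYPASS),
        "bypass_fixed": projects_for_owner_fixed(conn, PAYLOAD_BYPASS),
        "union_vulnerable": projects_for_owner_vulnerable(conn, PAYLOAD_UNION),
        "union_fixed": projects_for_owner_fixed(conn, PAYLOAD_UNION),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:18} {rows}")
```

With the formatted query the first payload returns every project and the second returns the owner column instead of names; with the bound parameter both payloads are looked up as the literal strings they are and match nothing, while the legitimate lookup behaves identically in both versions.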

23. PHProjekt Arbitrary File Upload Vulnerability
BugTraq ID: 22956
Remote: Yes
Date Published: 2007-03-14
Relevant URL: http://www.securityfocus.com/bid/22956
Summary:
PHProjekt is prone to an arbitrary file-upload vulnerability.

Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.

Versions prior to 5.2.1 are vulnerable to this issue.

24. Adobe JRun Unspecified Denial Of Service Vulnerability
BugTraq ID: 22958
Remote: Yes
Date Published: 2007-03-13
Relevant URL: http://www.securityfocus.com/bid/22958
Summary:
Adobe JRun is prone to a denial-of-service vulnerability. This issue occurs because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

Hacking With Ajax - On-demand Webcast
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Watch this FREE SPI Dynamics webcast for tips on protecting your applications.

https://download.spidynamics.com/1/ad/AJAXw.asp?Campaign_ID=70160000000CjtG