News

Friday, April 20, 2007

SecurityFocus Linux Newsletter #333

SecurityFocus Linux Newsletter #333
----------------------------------------

This Issue is Sponsored by: Kapersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus & antispyware solution with anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Politics of E-Mail
II. LINUX VULNERABILITY SUMMARY
1. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
2. IPSec-Tools Remote Denial Of Service Vulnerability
3. RETIRED: Freetype Font Files Integer Overflow Vulnerability
4. Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
5. BFTPD Multiple Commands Remote Denial Of Service Vulnerabilities
6. Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
7. IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
8. MadWifi Auth Frame IBSS Remote Denial of Service Vulnerability
9. MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
10. Opera Web Browser Running Adobe Flash Player Unspecified Vulnerability
11. Drupal Database Administration Module Multiple HTML-injection Vulnerabilities
12. WebKalk2 Engine.Inc.PHP Remote File Include Vulnerability
13. FreeRadius EAP-TTLS Tunnel Memory Leak Remote Denial Of Service Vulnerability
14. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
15. ScramDisk 4 Linux Local Privilege Escalation Vulnerabilities
16. Lighttpd Multiple Remote Denial of Service Vulnerabilities
17. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
18. Oracle April 2007 Security Update Multiple Vulnerabilities
19. McAfee E-Business Administration Server Authentication Packet Denial of Service Vulnerability
20. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
21. ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
22. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
23. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Politics of E-Mail
By Mark Rasch
It's springtime in Washington, D.C. The cherry blossoms have bloomed, the tourists descended, and on both sides of Pennsylvania Avenue a new "scandal" is erupting.
http://www.securityfocus.com/columnists/440


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

2. IPSec-Tools Remote Denial Of Service Vulnerability
BugTraq ID: 23394
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23394
Summary:
IPSec-Tools is affected by a remote denial-of-service vulnerability because the application fails to properly handle certain network packets.

A successful attack allows a remote attacker to crash the application, denying further service to legitimate users.

IPSec-Tools versions prior to 0.6.7 are vulnerable to this issue.

3. RETIRED: Freetype Font Files Integer Overflow Vulnerability
BugTraq ID: 23402
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23402
Summary:
Freetype is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

This BID has been retired because it is a duplicate of BID 23283.

4. Adobe Macromedia ColdFusion Insecure File Permissions Vulnerability
BugTraq ID: 23405
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23405
Summary:
Adobe Macromedia ColdFusion is prone to an insecure-file-permissions vulnerability. This issue stems from a previous patch that sets unsafe directory permissions.

A local attacker can exploit this issue to gain administrative privileges on the affected computer. A successful exploit would lead to the complete compromise of affected computers.

ColdFusion 7.0.2.142559 for Linux is vulnerable to this issue.

5. BFTPD Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 23406
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23406
Summary:
BFTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Versions prior to 1.8 are vulnerable to these issues.

6. Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability
BugTraq ID: 23417
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23417
Summary:
Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message.

A remote attacker can exploit this issue by submitting a maliciously crafted message to the application.

Successful exploits will cause the Quagga 'bgpd' daemon to abort, denying further service to legitimate users.

Quagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable.

7. IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
BugTraq ID: 23421
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23421
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

8. MadWifi Auth Frame IBSS Remote Denial of Service Vulnerability
BugTraq ID: 23431
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23431
Summary:
MADWifi is prone to a remote denial-of-service vulnerability because the application fails to handle certain AUTH frames from an IBSS node.

An attacker can exploit this issue to cause the affected computer to crash, denying further service to legitimate users.

This issue affects MADWifi 0.9.3 and prior versions.

9. MADWiFi IEEE80211_Output.C Unencrypted Data Packet Multiple Vulnerabilities
BugTraq ID: 23434
Remote: No
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23434
Summary:
MADWiFi is prone to a denial-of-service vulnerability, an information-disclosure issue, and a packet-spoofing vulnerability. These issues occur because of a design error.

An attacker can exploit these issues to spoof network traffic, crash arbitrary processes, and gain access to sensitive information.

These issues affect versions prior to 0.9.3.

10. Opera Web Browser Running Adobe Flash Player Unspecified Vulnerability
BugTraq ID: 23437
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23437
Summary:
Opera Web Browser is prone to an unspecified vulnerability when running Adobe Flash Player.

Currently very little is known regarding this issue. This BID will be updated as more information becomes available.

Opera Web Browser versions prior to 9.20 are vulnerable.
Adobe Flash Player versions prior to 9.0.28.0 are vulnerable.

11. Drupal Database Administration Module Multiple HTML-injection Vulnerabilities
BugTraq ID: 23440
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23440
Summary:
Drupal Database Administration Module is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.

To exploit this issue, an attacker must have Site Administrator privileges.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Drupal Database Administration versions prior to 4.7.0-1.2 and all versions of the 4.6.0 branch are vulnerable to these issues.

12. WebKalk2 Engine.Inc.PHP Remote File Include Vulnerability
BugTraq ID: 23451
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23451
Summary:
WebKalk2 is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

WebKalk2 1.9.0 is vulnerable.

13. FreeRadius EAP-TTLS Tunnel Memory Leak Remote Denial Of Service Vulnerability
BugTraq ID: 23466
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23466
Summary:
FreeRADIUS is prone to a denial-of-service vulnerability.

This vulnerability presents itself when an attacker sends malformed data inside an EAP-TTLS tunnel.

14. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
BugTraq ID: 23473
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability and a buffer-overflow vulnerability.

A successful attack may allow an attacker to obtain sensitive information, cause denial-of-service conditions, and execute arbitrary code in the context of the user running the affected application.

ClamAV versions prior to 0.90.2 are vulnerable to these issues.

15. ScramDisk 4 Linux Local Privilege Escalation Vulnerabilities
BugTraq ID: 23495
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23495
Summary:
ScramDisk is prone to multiple local privilege-escalation vulnerabilities.

Exploiting these issues allows local attackers to attain superuser privileges, which can lead to a complete system compromise.

These issues affect versions prior to 1.0-1.

16. Lighttpd Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 23515
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23515
Summary:
Lighttpd is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle unexpected conditions.

Successfully exploiting these issues allows remote attackers to trigger an infinite loop, consuming excessive CPU resources, or to crash affected servers via a NULL-pointer dereference. This will deny further service to legitimate users.

Lighttpd versions prior to 1.4.14 are vulnerable.

17. Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
BugTraq ID: 23520
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23520
Summary:
Vixie Cron is prone to a local denial-of-service vulnerability.

This issue occurs when attackers create hard file links to cron files belonging to both privileged and normal users.

A local attacker may exploit this issue to prevent cron files owned by privileged and non-privileged users from being executed at startup or on the next reload of the cron database.

Vixie Cron versions prior to 4.1-r10 are vulnerable.

18. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise.

19. McAfee E-Business Administration Server Authentication Packet Denial of Service Vulnerability
BugTraq ID: 23544
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23544
Summary:
McAfee E-Business Administration Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain network packets. A successful attack allows a remote attacker to crash the Administration Server, denying further service to legitimate users.

These versions are affected:

E-Business Server 8.5.1 (and earlier) for Windows and Solaris
E-Business Server 8.1.0 (and earlier) for Linux, HP-UX, and AIX

20. 3proxy HTTP Proxy Request Buffer Overflow Vulnerability
BugTraq ID: 23545
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23545
Summary:
3proxy is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.

3proxy 0.5 to 0.5.3g and 0.6b-devel before 20070413 are vulnerable to this issue.

21. ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
BugTraq ID: 23546
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23546
Summary:
ProFTPD is reported prone to a security-restriction-bypass vulnerability because of an error in the AUTH API.

Attackers may exploit this issue to bypass security controls when multiple modules are configured with disparate authentication policies.

ProFTPD 1.2 and 1.3 branches are reported vulnerable; other versions may be affected as well.

NOTE: The latest version in the CVS repository reportedly addresses this issue.

22. Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
BugTraq ID: 23552
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23552
Summary:
Dovecot is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

23. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
BugTraq ID: 23566
Remote: No
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local denial-of-service vulnerability because the application fails to properly handle unexpected conditions.

Successfully exploiting this issue allows local attackers to trigger computer crashes. These crashes will occur every time Windows tries to start, creating a prolonged denial-of-service condition.

Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable.

Note that this issue is present only if MIT Kerberos for Windows is also installed on vulnerable computers.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Kapersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus & antispyware solution with anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4

No comments:

Blog Archive