Tuesday, May 15, 2007

SecurityFocus Linux Newsletter #337
----------------------------------------

This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough in online security - Extended Validation SSL from VeriSign.
Extended Validation triggers a green address bar in Microsoft IE7, which proves site identity.
Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000048sfi/direct/01/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
II. LINUX VULNERABILITY SUMMARY
1. ELinks Relative Path Arbitrary Code Execution Vulnerability
2. LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability
3. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
4. PopTop PPTP Server GRE Packet Denial Of Service Vulnerability
5. Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
6. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
7. NetWin WebMail Unspecified Vulnerability
8. XFSDump XFS_FSR Insecure Temporary File Creation Vulnerability
9. Free-SA Multiple Buffer Overflow Vulnerabilities
10. TeamSpeak Server Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
11. TeamSpeak Server WebAdmin Interface Privilege Escalation Vulnerability
12. Samba MS-RPC Remote Shell Command Execution Vulnerability
13. Samba NDR MS-RPC Request Heap-Based Buffer Overflow Vulnerability
14. Samba SID Names Local Privilege Escalation Vulnerability
15. Linux Kernel 8250 Serial Driver Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. understanding chkrootkit and rkhunter logs
2. Center for Internet Security - Call for Participation
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for SecurityFocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was, up till then, the best certification around.
http://www.securityfocus.com/columnists/443


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. ELinks Relative Path Arbitrary Code Execution Vulnerability
BugTraq ID: 23844
Remote: No
Date Published: 2007-05-07
Relevant URL: http://www.securityfocus.com/bid/23844
Summary:
ELinks is prone to an arbitrary code-execution vulnerability.

An attacker can exploit this issue to potentially execute arbitrary code with the privileges of the user running the affected application.

This issue requires an attacker to trick an unsuspecting victim into running the vulnerable application in an attacker-controlled directory.

This issue affects ELinks 0.11.1; other versions may also be vulnerable.

2. LDAP Account Manager Modified Path Local Privilege Escalation Vulnerability
BugTraq ID: 23857
Remote: No
Date Published: 2007-05-07
Relevant URL: http://www.securityfocus.com/bid/23857
Summary:
LDAP Account Manager is prone to a local privilege-escalation vulnerability.

A local attacker may execute arbitrary code with superuser privileges. This may facilitate a complete compromise of the affected computer.

Versions prior to 1.0.0 are reported vulnerable to this issue.

3. Linux Kernel PPPoE Socket Local Denial of Service Vulnerability
BugTraq ID: 23870
Remote: No
Date Published: 2007-05-07
Relevant URL: http://www.securityfocus.com/bid/23870
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to exhaust memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

This issue affects the Linux kernel 2.6 series prior to 2.6.21-git8.

4. PopTop PPTP Server GRE Packet Denial Of Service Vulnerability
BugTraq ID: 23886
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23886
Summary:
PoPToP PPTP Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain malformed packet data.

Attackers can exploit this issue to disconnect arbitrary PPTP connections.

PoPToP PPTP Server 1.3.4 is vulnerable; other versions may also be affected.

5. Python PyLocale_strxfrm Function Remote Information Leak Vulnerability
BugTraq ID: 23887
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23887
Summary:
Python applications that use the 'PyLocale_strxfrm' function are prone to an information leak.

Exploiting this issue allows remote attackers to read portions of memory.

Python 2.4.4-2 and 2.5 are confirmed vulnerable to this issue.

6. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
BugTraq ID: 23890
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23890
Summary:
IBM DB2 Universal Database is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the application. Successful attacks can result in the compromise of the application or can cause denial-of-service conditions.

Few technical details are currently available. We will update this BID as more information emerges.

7. NetWin WebMail Unspecified Vulnerability
BugTraq ID: 23908
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23908
Summary:
NetWin Webmail is prone to an unspecified vulnerability.

Few technical details are currently available. We will update this BID as more information emerges.

Webmail versions prior to 3.1s-4 are vulnerable. NetWin SurgeMail versions prior to 3.8i3 are also affected because they are bundled with vulnerable Webmail packages.

8. XFSDump XFS_FSR Insecure Temporary File Creation Vulnerability
BugTraq ID: 23922
Remote: No
Date Published: 2007-05-11
Relevant URL: http://www.securityfocus.com/bid/23922
Summary:
The xfsdump 'xfs_fsr' utility creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully exploiting a symlink attack may allow the attacker to overwrite or corrupt sensitive files. This may result in a denial of service; other attacks may also be possible.

This issue affects xfsdump 2.2.38; other versions may be affected as well.

9. Free-SA Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 23924
Remote: Yes
Date Published: 2007-05-11
Relevant URL: http://www.securityfocus.com/bid/23924
Summary:
Free-SA is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

These issues affect Free-SA 1.2.1 and prior versions.

10. TeamSpeak Server Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 23933
Remote: Yes
Date Published: 2007-05-11
Relevant URL: http://www.securityfocus.com/bid/23933
Summary:
TeamSpeak Server is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

TeamSpeak Server 2.0.20.1 is vulnerable; other versions may also be affected.

11. TeamSpeak Server WebAdmin Interface Privilege Escalation Vulnerability
BugTraq ID: 23935
Remote: Yes
Date Published: 2007-05-11
Relevant URL: http://www.securityfocus.com/bid/23935
Summary:
TeamSpeak Server is prone to a privilege-escalation vulnerability.

Attackers with 'ServerAdmin' access can leverage this issue to gain certain 'SuperAdmin' privileges.

A successful attack will allow an attacker to create, start, stop, and delete TeamSpeak servers.

TeamSpeak Server 2.0.20.1 is vulnerable; other versions may also be affected.

12. Samba MS-RPC Remote Shell Command Execution Vulnerability
BugTraq ID: 23972
Remote: Yes
Date Published: 2007-05-14
Relevant URL: http://www.securityfocus.com/bid/23972
Summary:
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application.

This issue affects Samba 3.0.0 to 3.0.25rc3.

13. Samba NDR MS-RPC Request Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 23973
Remote: Yes
Date Published: 2007-05-14
Relevant URL: http://www.securityfocus.com/bid/23973
Summary:
Samba is prone to multiple remote heap-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code with superuser-level privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.

These issues affect Samba 3.0.25rc3 and prior versions.

14. Samba SID Names Local Privilege Escalation Vulnerability
BugTraq ID: 23974
Remote: No
Date Published: 2007-05-14
Relevant URL: http://www.securityfocus.com/bid/23974
Summary:
Samba is prone to a local privilege-escalation vulnerability due to a logic error in the 'smbd' daemon's internal security stack.

An attacker can exploit this issue to temporarily perform SMB/CIFS operations with superuser privileges. The attacker may leverage this issue to gain superuser access to the server.

Samba 3.0.23d through 3.0.25pre2 are vulnerable.

15. Linux Kernel 8250 Serial Driver Local Denial of Service Vulnerability
BugTraq ID: 23978
Remote: No
Date Published: 2007-05-14
Relevant URL: http://www.securityfocus.com/bid/23978
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because the software fails to handle exceptional conditions.

A local attacker can exploit this issue to crash the affected computer, denying service to legitimate users. The attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects kernel versions 2.6 prior to 2.6.20.11.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. understanding chkrootkit and rkhunter logs
http://www.securityfocus.com/archive/91/467957

2. Center for Internet Security - Call for Participation
http://www.securityfocus.com/archive/91/467965

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: VeriSign
