News

Wednesday, June 06, 2007

SecurityFocus Linux Newsletter #340


This Issue is Sponsored by: Norwich University

Norwich University's Master of Science in Information Assurance Program complements the skills of information security professionals while preparing them to take on management roles in an organization-wide information security program, such as Chief Security Officers, Security Administrators and Chief Information Security Officers. This 18-month program is conveniently delivered online and is accredited by The National Security Agency and Department of Homeland Security as a "Center for Academic Excellence in Information Assurance Education".

For more information, visit http://www.msia.norwich.edu/lsec


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security Analogies
2. Your Space, My Space, Everybody's Space
II. LINUX VULNERABILITY SUMMARY
1. Avira Antivir Antivirus Multiple Remote Vulnerabilities
2. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
3. Multiple F-Secure Products Packed Executables and Archives Denial of Service Vulnerability
4. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
5. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
6. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
7. Mozilla Products Multiple Remote Vulnerabilities
8. HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability
9. PHP Chunk_Split() Function Integer Overflow Vulnerability
10. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
11. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
12. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
13. Util-linux Login Security Bypass Vulnerability
14. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
15. W3M Browser InputAnswer Format String Vulnerability
16. LHA Insecure Temporary File Creation Vulnerability
17. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Survey on Supercomputer Cluster Security
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445

2. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Avira Antivir Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24187
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24187
Summary:
Avira Antivir Antivirus is prone to multiple remote vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with elevated privileges, facilitating the complete compromise of affected computers. Attackers may also trigger denial-of-service conditions by crashing the application or causing infinite loops.

These issues affect:

Avira Antivir AVPack versions prior to 7.03.00.09
Engine versions prior to 7.04.00.24

2. Mutt Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability
BugTraq ID: 24192
Remote: No
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24192
Summary:
Mutt is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

An attacker can exploit this issue to execute arbitrary code with the privileges of the victim. Failed exploit attempts will result in a denial of service.

3. Multiple F-Secure Products Packed Executables and Archives Denial of Service Vulnerability
BugTraq ID: 24234
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24234
Summary:
Multiple F-Secure products are prone to a denial-of-service vulnerability because the software fails to handle exceptional conditions.

An attacker can exploit this issue to cause a denial-of-service condition.

4. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BugTraq ID: 24235
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24235
Summary:
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain LHA archive files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

Reports indicate that this vulnerability also occurs when processing malformed LZH archives, ARJ files, and FSG packed files.

5. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
BugTraq ID: 24237
Remote: No
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24237
Summary:
Multiple F-Secure workstation and file-server products are prone to a local privilege-escalation vulnerability.

Exploiting this vulnerability allows local attackers to gain superuser or SYSTEM-level privileges, leading to a complete compromise of the affected computer.

6. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24239
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24239
Summary:
Avira Antivir is prone to a denial-of-service vulnerability because the application fails to handle certain TAR archives.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted TAR archives.

A successful attack may allow attackers to cause denial-of-service conditions.

7. Mozilla Products Multiple Remote Vulnerabilities
BugTraq ID: 24242
Remote: Yes
Date Published: 2007-05-31
Relevant URL: http://www.securityfocus.com/bid/24242
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content

Other attacks may also be possible.

8. HP System Management Homepage (SMH) Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 24256
Remote: Yes
Date Published: 2007-05-31
Relevant URL: http://www.securityfocus.com/bid/24256
Summary:
HP System Management Homepage is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Versions of HP System Management Homepage (SMH) prior to 2.1.2 for Linux and Windows are affected.

9. PHP Chunk_Split() Function Integer Overflow Vulnerability
BugTraq ID: 24261
Remote: Yes
Date Published: 2007-05-31
Relevant URL: http://www.securityfocus.com/bid/24261
Summary:
PHP is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun. Attackers may exploit this issue to cause a buffer overflow and to corrupt process memory.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects versions of PHP prior to 5.2.3.

10. Sun Java Runtime Environment Image Parsing Buffer Overflow Vulnerability
BugTraq ID: 24267
Remote: Yes
Date Published: 2007-06-01
Relevant URL: http://www.securityfocus.com/bid/24267
Summary:
The Sun Java Runtime Environment is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of a user who invokes a malicious Java applet.

11. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
BugTraq ID: 24287
Remote: No
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24287
Summary:
The 'sudo' utility and the 'ptrace' call are prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

12. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.

A successful attack may allow an attacker to cause denial-of-service conditions.

Versions prior to ClamAV 0.90.3 are affected.

13. Util-linux Login Security Bypass Vulnerability
BugTraq ID: 24321
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24321
Summary:
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.

Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.

Versions prior to 'util-linux' 2.12 are vulnerable.

14. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the application fails to validate input errors when processing RSS feeds.

An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer.

Beatnik 1.0 is vulnerable; other versions may also be affected.

15. W3M Browser InputAnswer Format String Vulnerability
BugTraq ID: 24332
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24332
Summary:
W3M is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit this issue to execute arbitrary machine code in the context of the user running the affected browser. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.

Versions prior to W3M 0.5.2 are vulnerable.

16. LHA Insecure Temporary File Creation Vulnerability
BugTraq ID: 24336
Remote: No
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24336
Summary:
The 'lha' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

17. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities.

No further information is currently available. This BID will be updated as more information is disclosed.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Specific vulnerable Yahoo! Messenger versions are not known, but versions in the 8 series for Microsoft Windows are reportedly affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Survey on Supercomputer Cluster Security
http://www.securityfocus.com/archive/91/469540

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Norwich University

Norwich University's Master of Science in Information Assurance Program complements the skills of information security professionals while preparing them to take on management roles in an organization-wide information security program, such as Chief Security Officers, Security Administrators and Chief Information Security Officers. This 18-month program is conveniently delivered online and is accredited by The National Security Agency and Department of Homeland Security as a "Center for Academic Excellence in Information Assurance Education".

For more information, visit http://www.msia.norwich.edu/lsec
