Thursday, June 14, 2007

SecurityFocus Linux Newsletter #341
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" - White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Embedded Problems
2. Security Analogies
II. LINUX VULNERABILITY SUMMARY
1. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
2. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
3. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
4. Util-linux Login Security Bypass Vulnerability
5. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
6. W3M Browser InputAnswer Format String Vulnerability
7. LHA Insecure Temporary File Creation Vulnerability
8. RETIRED: Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
9. Linux Kernel Bluetooth Null Pointer Dereference Denial Of Service Vulnerability
10. ClamAV Multiple Unspecified Vulnerabilities
11. Asterisk SIP Channel Driver UDP Packets Remote Denial of Service Vulnerability
12. Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness
13. Linux Kernel SCTP Connection Denial Of Service Vulnerability
14. Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
15. Linux Kernel PRNG Entropy Weakness
16. Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
17. Firebird SQL Fbserver Remote Buffer Overflow Vulnerability
18. OpenOffice RTF File Parser Buffer Overflow Vulnerability
19. EXIF Library EXIF File Processing Integer Overflow Vulnerability
20. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Embedded Problems
By Federico Biancuzzi
Federico Biancuzzi interviews Barnaby Jack to discuss the vector rewrite attack, which architectures are vulnerable, how to defend the integrity of the exception vector table, some firmware extraction methods, and what bad things you can do on a cheap SOHO router.
http://www.securityfocus.com/columnists/446

2. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Todd Miller Sudo Ptrace API Local Privilege Escalation Vulnerability
BugTraq ID: 24287
Remote: No
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24287
Summary:
The 'sudo' utility and the 'ptrace' call are prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

2. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

3. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.

A successful attack may allow an attacker to cause denial-of-service conditions.

Versions prior to ClamAV 0.90.3 are affected.

4. Util-linux Login Security Bypass Vulnerability
BugTraq ID: 24321
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24321
Summary:
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.

Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.

Versions prior to 'util-linux' 2.12 are vulnerable.

5. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the extension fails to properly validate input when processing RSS feeds.

An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer.

Beatnik 1.0 is vulnerable; other versions may also be affected.

6. W3M Browser InputAnswer Format String Vulnerability
BugTraq ID: 24332
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24332
Summary:
W3M is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker can exploit this issue to execute arbitrary machine code in the context of the user running the affected browser. A successful attack will compromise the application. Failed attempts may cause denial-of-service conditions.

Versions prior to W3M 0.5.2 are vulnerable.

7. LHA Insecure Temporary File Creation Vulnerability
BugTraq ID: 24336
Remote: No
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24336
Summary:
The 'lha' program creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

8. RETIRED: Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities.

No further details are currently available. We will update this BID as more information emerges.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Specific vulnerable versions of Yahoo! Messenger are not known, but versions in the 8 series for Microsoft Windows are reported affected.

UPDATE (June 7, 2007): The vendor announced that a fix is being developed to address this issue.

This BID has been replaced by the following writeups:

BID 24355 Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
BID 24354 Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability

9. Linux Kernel Bluetooth Null Pointer Dereference Denial Of Service Vulnerability
BugTraq ID: 24350
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24350
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected operating system, denying service to legitimate users.

Versions prior to 2.4.33.5 are vulnerable to this issue.

10. ClamAV Multiple Unspecified Vulnerabilities
BugTraq ID: 24358
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24358
Summary:
ClamAV is prone to multiple unspecified vulnerabilities.

These issues arise because the software incorrectly calculates the end of a buffer and gives improper permissions to temporary files.

Versions prior to ClamAV 0.90.3 are vulnerable to these issues.

11. Asterisk SIP Channel Driver UDP Packets Remote Denial of Service Vulnerability
BugTraq ID: 24359
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24359
Summary:
Asterisk is prone to a remote denial-of-service vulnerability because the application fails to properly handle certain SIP UDP packets.

Exploiting this issue allows remote attackers to cause the application to crash, effectively denying service to legitimate users.

NOTE: This record may be a duplicate of the issue discussed in BID 23093 (Asterisk SIP Channel Driver Response Code Zero Remote Denial of Service Vulnerability). We are still investigating this issue and will retire this BID if we find it to be a duplicate.

12. Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness
BugTraq ID: 24368
Remote: No
Date Published: 2007-06-07
Relevant URL: http://www.securityfocus.com/bid/24368
Summary:
The 'sudo' utility is prone to a local authentication-bypass weakness when used in conjunction with Kerberos. Attackers must first gain local, interactive access to a computer running 'sudo' configured to authenticate via Kerberos. They may do this by exploiting other latent vulnerabilities.

Successfully exploiting this issue allows local attackers to bypass sudo's authentication prompt, allowing them to perform actions that are granted to users via the 'sudoers' file.

This issue affects 'sudo' 1.6.8p12; other versions may also be affected.

13. Linux Kernel SCTP Connection Denial Of Service Vulnerability
BugTraq ID: 24376
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This BID initially discussed three weaknesses/vulnerabilities in the Linux kernel. These issues have been separated into the following individual records:

24389 Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
24390 Linux Kernel PRNG Entropy Weakness
24376 Linux Kernel SCTP Connection Denial Of Service Vulnerability

14. Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
BugTraq ID: 24389
Remote: No
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24389
Summary:
The Linux kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.21.4 and 2.6.20.13 are vulnerable.

This issue was initially reported in BID 24376 Linux Kernel Multiple Weaknesses and Vulnerabilities, but has been assigned its own record.

15. Linux Kernel PRNG Entropy Weakness
BugTraq ID: 24390
Remote: No
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24390
Summary:
The Linux kernel is prone to a weakness that may result in weaker cryptographic security.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This weakness was initially discussed in BID 24376 (Linux Kernel Multiple Weaknesses and Vulnerabilities), but has been assigned its own record.

16. Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
BugTraq ID: 24405
Remote: No
Date Published: 2007-06-07
Relevant URL: http://www.securityfocus.com/bid/24405
Summary:
Novell NetWare Modular Authentication Service (NMAS) is prone to a local information-disclosure vulnerability because 'NMASINST' dumps the admin account and password into a log file in clear text.

The flaw presents itself in NMAS 3.1.2; prior versions are also affected.

17. Firebird SQL Fbserver Remote Buffer Overflow Vulnerability
BugTraq ID: 24436
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24436
Summary:
Firebird SQL is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server. Failed exploit attempts will likely crash the server, denying service to legitimate users.

Firebird SQL 2.0 is vulnerable; previous versions may also be affected.

18. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

19. EXIF Library EXIF File Processing Integer Overflow Vulnerability
BugTraq ID: 24461
Remote: Yes
Date Published: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24461
Summary:
The 'libexif' library is reported prone to an integer-overflow vulnerability. Reportedly, the issue presents itself when the affected library is processing malformed EXIF files.

Attackers may leverage this issue to execute arbitrary code in the context of an application that is linked to the vulnerable library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects 'libexif' 0.6.13 to 0.6.15; other versions may also be affected.

20. Open ISCSI Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 24471
Remote: No
Date Published: 2007-06-14
Relevant URL: http://www.securityfocus.com/bid/24471
Summary:
Open-iSCSI is prone to multiple local denial-of-service vulnerabilities.

A local attacker can exploit these issues to deny legitimate user access to the server daemon.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
