
Wednesday, July 11, 2007

SecurityFocus Linux Newsletter #345


This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000Cu6j


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Achtung! New German Laws on Cybercrime
2. Don't Be Evil
II. LINUX VULNERABILITY SUMMARY
1. GSAMBAD Insecure Temporary File Creation Vulnerability
2. Fireflier-Server Insecure Temporary File Creation Vulnerability
3. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
4. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
5. Retired: SlackRoll Malicious Package Denial of Service Vulnerability
6. GIMP PSD File Integer Overflow Vulnerability
7. ImLib BMP Image _LoadBMP Function Denial of Service Vulnerability
8. GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow Vulnerability
9. GFax Temporary Files Local Arbitrary Command Execution Vulnerability
10. JP1/HiCommand Series Products OpenSSL Insecure Protocol Negotiation Weakness
11. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
12. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
13. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
14. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
15. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448

2. Don't Be Evil
By Mark Rasch
A series of developments raises the specter that remotely stored or created documents may be subject to subpoena or discovery, all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. GSAMBAD Insecure Temporary File Creation Vulnerability
BugTraq ID: 24717
Remote: No
Date Published: 2007-07-01
Relevant URL: http://www.securityfocus.com/bid/24717
Summary:
GSAMBAD creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

An attacker may leverage this issue to corrupt or overwrite arbitrary files with the privileges of an unsuspecting user that activated the affected application. Reportedly, attackers can exploit this issue to escalate privileges.

All versions of GSAMBAD are considered to be vulnerable to this issue.

2. Fireflier-Server Insecure Temporary File Creation Vulnerability
BugTraq ID: 24718
Remote: No
Date Published: 2007-07-01
Relevant URL: http://www.securityfocus.com/bid/24718
Summary:
The Fireflier-Server application creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to remove arbitrary files from the local system.

Successfully mounting a symlink attack may allow the attacker to remove sensitive files, which may result in a denial of service. Other attacks may also be possible.

3. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
BugTraq ID: 24721
Remote: Yes
Date Published: 2007-07-01
Relevant URL: http://www.securityfocus.com/bid/24721
Summary:
phpEventCalendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpEventCalendar 0.2.3 and prior versions are reported prone to this issue.

4. Linux Kernel USBLCD Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 24734
Remote: No
Date Published: 2007-07-02
Relevant URL: http://www.securityfocus.com/bid/24734
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability because it fails to limit memory consumption by 'fast writers'.

Attackers can exploit this issue to consume memory, resulting in denial-of-service conditions.

Versions prior to 2.6.22-rc7 are vulnerable.

5. Retired: SlackRoll Malicious Package Denial of Service Vulnerability
BugTraq ID: 24739
Remote: Yes
Date Published: 2007-07-02
Relevant URL: http://www.securityfocus.com/bid/24739
Summary:
SlackRoll is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects versions prior to SlackRoll 10.

Further analysis reveals that this issue is not exploitable; therefore, this BID is being retired.

6. GIMP PSD File Integer Overflow Vulnerability
BugTraq ID: 24745
Remote: Yes
Date Published: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24745
Summary:
GIMP is prone to an integer-overflow vulnerability because it fails to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of the affected application.

GIMP 2.2.15 is vulnerable to this issue; other versions may also be affected.

7. ImLib BMP Image _LoadBMP Function Denial of Service Vulnerability
BugTraq ID: 24750
Remote: Yes
Date Published: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24750
Summary:
Imlib is prone to a denial-of-service vulnerability because the software fails to properly process certain BMP image files.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted BMP files.

An attacker could exploit this issue to cause denial-of-service conditions on applications using the affected library.

8. GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow Vulnerability
BugTraq ID: 24758
Remote: Yes
Date Published: 2007-07-03
Relevant URL: http://www.securityfocus.com/bid/24758
Summary:
GNU glibc is prone to an integer-overflow vulnerability because it fails to properly ensure that integer math operations do not wrap around.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.

GNU glibc 2.5 and prior versions are prone to this issue.

9. GFax Temporary Files Local Arbitrary Command Execution Vulnerability
BugTraq ID: 24780
Remote: No
Date Published: 2007-07-05
Relevant URL: http://www.securityfocus.com/bid/24780
Summary:
GFAX is prone to a vulnerability that lets local attackers execute arbitrary commands with superuser privileges. Successful attacks will result in the complete compromise of affected computers.

GFAX 0.7.6 is vulnerable; other versions may also be affected.

10. JP1/HiCommand Series Products OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 24799
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24799
Summary:
JP1/HiCommand Series Products are prone to a remote protocol-negotiation weakness due to a design error.

Successful exploits may allow an attacker connecting to the affected server to replace the SSL 3 or TLS 1 protocol with the SSL 2 protocol. This may allow the attacker to exploit insecurities in SSL version 2 to gain access to or tamper with the clear-text communications between the targeted client and server.

This issue may be related to BID: 15071 OpenSSL Insecure Protocol Negotiation Weakness.

11. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
BugTraq ID: 24818
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24818
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle certain H.323 data.

Attackers can exploit this issue to crash the affected operating system, denying access to legitimate users.

Versions prior to 2.6.21.6, 2.6.20.15, and 2.6.22 are vulnerable.

12. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
BugTraq ID: 24845
Remote: No
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24845
Summary:
The PowerPC Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to corrupt memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

Note that this issue affects only the Linux kernel on PowerPC architectures.

13. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

14. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
BugTraq ID: 24850
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24850
Summary:
Sun Java System Web Servers and Application Servers are prone to a vulnerability that lets attackers execute arbitrary Java methods. This issue occurs because the application fails to securely process XSLT stylesheets.

Successfully exploiting this issue may allow remote attackers to execute arbitrary Java methods, aiding them in further attacks.

Sun Java System Web Server 7.0 for the following operating systems is affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows
- HP-UX

Sun Java System Application Server Platform and Enterprise Editions 8.2 and Platform Edition 9.0 for the following operating systems are also affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows

15. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24854
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24854
Summary:
Centericq is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

