Wednesday, December 05, 2007

SecurityFocus Linux Newsletter #366
----------------------------------------

This issue is Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009400


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Man in the Machine
2. Aye, Robot, or Can Computers Contract?
II. LINUX VULNERABILITY SUMMARY
1. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
2. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
3. Samhain Labs Samhain Insecure Random Number Generator Information Disclosure Weakness
4. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
5. ht://Dig Htsearch Cross Site Scripting Vulnerability
6. vlock Plugin Name Local Privilege Escalation Vulnerability
7. Rsync Use Chroot Insecure File Creation Vulnerability
8. Rsync Daemon Excludes Multiple File Access Vulnerabilities
9. Asterisk res_config_pgsql SQL Injection Vulnerability
10. Asterisk CDR_PGSQL SQL Injection Vulnerability
11. Red Hat Content Accelerator Memory Leak Local Denial Of Service Vulnerability
12. Sun Solaris LX(5) Branded Zones Unspecified Local Denial of Service Vulnerability
13. Zsh Insecure Temporary File Creation Vulnerability
14. Claws Mail Insecure Temporary File Creation Vulnerability
15. Ascential DataStage Multiple Local Vulnerabilities
16. SING Log Option Local Privilege Escalation Vulnerability
17. ZABBIX daemon_start Local Privilege Escalation Vulnerability
18. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. important errors to control with swatch
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Man in the Machine
By Federico Biancuzzi
In April 2007, when two security researchers demonstrated a flaw in the next-generation IPv6 routing scheme that would allow attackers to significantly amplify any denial-of-service attack by a factor of at least 80, networking expert Jun-ichiro "Itojun" Hagino worked to get Internet engineers to take the threat seriously.

http://www.securityfocus.com/columnists/459

2. Aye, Robot, or Can Computers Contract?
By Mark Rasch
A contract is usually described as a "meeting of the minds." One person makes an offer for goods or services; another person sees the offer and negotiates terms; the parties enter into an agreement of the offer; and some form of consideration is given in return for the provision of something of value. At least that's what I remember from first year law school contracts class.

http://www.securityfocus.com/columnists/458


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Mozilla Firefox and SeaMonkey Windows.Location Property HTTP Referer Header Spoofing Weakness
BugTraq ID: 26589
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26589
Summary:
Mozilla Firefox and SeaMonkey are prone to a weakness that allows an attacker to spoof HTTP Referer headers. This issue stems from a race condition in the affected application. The weakness arises because of a small timing difference when using a modal 'alert()' dialog, which allows users to generate fake HTTP Referer headers.

An attacker can exploit this issue to spoof HTTP Referer headers. This may cause other security mechanisms that rely on this data to fail or to return misleading information.

This issue affects versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7.

2. Mozilla Firefox Multiple Remote Unspecified Memory Corruption Vulnerabilities
BugTraq ID: 26593
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26593
Summary:
The Mozilla Foundation has released a security advisory disclosing three unspecified memory-corruption vulnerabilities.

Successfully exploiting these issues may allow attackers to execute code, facilitating the compromise of affected computers. Failed exploit attempts will likely crash the application.

Versions prior to Mozilla Firefox 2.0.0.10 and Mozilla SeaMonkey 1.1.7 are vulnerable to these issues.

3. Samhain Labs Samhain Insecure Random Number Generator Information Disclosure Weakness
BugTraq ID: 26597
Remote: Yes
Date Published: 2007-11-26
Relevant URL: http://www.securityfocus.com/bid/26597
Summary:
Samhain Labs Samhain is prone to an information-disclosure weakness because of an error in the use of the random number generator.

An attacker can exploit this issue to weaken encryption and other security-related algorithms, which may aid in further attacks.

The issue affects Samhain 2.4.0 and 2.4.0a. Note that versions prior to 2.4.0 are not vulnerable to this issue.

4. Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
BugTraq ID: 26605
Remote: No
Date Published: 2007-11-27
Relevant URL: http://www.securityfocus.com/bid/26605
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects version 2.6.23; other versions may also be affected.

5. ht://Dig Htsearch Cross Site Scripting Vulnerability
BugTraq ID: 26610
Remote: Yes
Date Published: 2007-11-27
Relevant URL: http://www.securityfocus.com/bid/26610
Summary:
ht://Dig is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows an attacker to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects ht://Dig 3.2.0b6; other versions may also be vulnerable.

6. vlock Plugin Name Local Privilege Escalation Vulnerability
BugTraq ID: 26624
Remote: No
Date Published: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26624
Summary:
The 'vlock' program is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects versions prior to vlock 2.2-rc3.

7. Rsync Use Chroot Insecure File Creation Vulnerability
BugTraq ID: 26638
Remote: No
Date Published: 2007-11-29
Relevant URL: http://www.securityfocus.com/bid/26638
Summary:
The 'rsync' utility is prone to a security vulnerability because it creates files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. This may result in denial-of-service conditions; other attacks are also possible.

This issue affects versions prior to rsync 3.0.0pre6.

8. Rsync Daemon Excludes Multiple File Access Vulnerabilities
BugTraq ID: 26639
Remote: Yes
Date Published: 2007-11-29
Relevant URL: http://www.securityfocus.com/bid/26639
Summary:
The rsync daemon is prone to multiple file-access vulnerabilities because it fails to properly validate 'exclude'-type options set in the daemon's configuration file 'rsyncd.conf'.

Attackers can exploit these issues to read sensitive information or overwrite files with writable permissions.

9. Asterisk res_config_pgsql SQL Injection Vulnerability
BugTraq ID: 26645
Remote: Yes
Date Published: 2007-11-29
Relevant URL: http://www.securityfocus.com/bid/26645
Summary:
The Asterisk package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions prior to Asterisk 1.4.15.

10. Asterisk CDR_PGSQL SQL Injection Vulnerability
BugTraq ID: 26647
Remote: Yes
Date Published: 2007-11-29
Relevant URL: http://www.securityfocus.com/bid/26647
Summary:
Asterisk is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

This issue affects versions prior to:

Asterisk Open Source 1.2.25 and 1.4.15
Asterisk Business Edition B.2.3.4.

NOTE: This issue occurs only when the 'cdr_pgsql' module is enabled. This module is disabled by default.

11. Red Hat Content Accelerator Memory Leak Local Denial Of Service Vulnerability
BugTraq ID: 26657
Remote: No
Date Published: 2007-11-29
Relevant URL: http://www.securityfocus.com/bid/26657
Summary:
Red Hat Content Accelerator is prone to a denial-of-service vulnerability.

Exploiting this vulnerability may cause the system to crash due to a memory leak.

Red Hat Enterprise Linux (v. 5 server) and Red Hat Enterprise Linux Desktop (v. 5 client) are known to be affected by this issue.

12. Sun Solaris LX(5) Branded Zones Unspecified Local Denial of Service Vulnerability
BugTraq ID: 26672
Remote: No
Date Published: 2007-12-01
Relevant URL: http://www.securityfocus.com/bid/26672
Summary:
Sun Solaris is prone to an unspecified denial-of-service vulnerability caused by a race condition.

A local unprivileged attacker can exploit this issue to cause a system panic on an affected computer, resulting in a denial-of-service condition.

This issue affects Solaris 10 x86 running in 64-bit mode.

13. Zsh Insecure Temporary File Creation Vulnerability
BugTraq ID: 26674
Remote: No
Date Published: 2007-12-02
Relevant URL: http://www.securityfocus.com/bid/26674
Summary:
Zsh is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Zsh 4.3.4; other versions may also be vulnerable.

14. Claws Mail Insecure Temporary File Creation Vulnerability
BugTraq ID: 26676
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26676
Summary:
Claws Mail is prone to a security vulnerability because it creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects Claws Mail 3.1.0; other versions may also be vulnerable.

15. Ascential DataStage Multiple Local Vulnerabilities
BugTraq ID: 26677
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26677
Summary:
Ascential DataStage is prone to three security vulnerabilities that a local attacker may exploit to obtain sensitive information and to manipulate files.

These issues were reported to affect Ascential DataStage 7.5; other versions may also be affected.

16. SING Log Option Local Privilege Escalation Vulnerability
BugTraq ID: 26679
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26679
Summary:
SING is prone to a local privilege-escalation vulnerability.

Exploiting this issue may allow local attackers to gain elevated privileges, facilitating the complete compromise of affected computers.

SING 1.1 is vulnerable to this issue; other versions may also be affected.

17. ZABBIX daemon_start Local Privilege Escalation Vulnerability
BugTraq ID: 26680
Remote: No
Date Published: 2007-12-03
Relevant URL: http://www.securityfocus.com/bid/26680
Summary:
ZABBIX is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

This issue affects ZABBIX 1.4.2; prior versions may also be affected.

18. Linux Kernel DO_COREDUMP Local Information Disclosure Vulnerability
BugTraq ID: 26701
Remote: No
Date Published: 2007-11-28
Relevant URL: http://www.securityfocus.com/bid/26701
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain access to sensitive information. Information harvested may aid in further attacks.

Versions of the Linux kernel prior to 2.6.24-rc4 are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. important errors to control with swatch
http://www.securityfocus.com/archive/91/483940

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Watchfire

