News

Thursday, December 20, 2007

SecurityFocus Linux Newsletter #368
----------------------------------------

This issue is Sponsored by: The Computer Forensics Show

Imagine the ability to view anything that ever appeared on almost any computer. The Computer Forensics Show is the "DON'T MISS" event of the year for IT professionals.

The Computer Forensics Show
February 4-6, 2008
Washington Convention Center
Washington D.C.
www.computerforensicshow.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Copyrights and Wrongs
2. The Man in the Machine
II. LINUX VULNERABILITY SUMMARY
1. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
2. Linux Kernel Mmap_min_addr Local Security Bypass Vulnerability
3. XOOPS register.php Cross-Site Scripting Vulnerability
4. autofs nosuid Mount Option Local Privilege Escalation Vulnerability
5. Intel Wireless WiFi Link iwlwifi NULL Pointer Dereference Vulnerability
6. Portage 'etc-update' Local Information Disclosure Vulnerability
7. Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
8. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
9. Adobe Flash Player Multiple Security Vulnerabilities
10. Adobe Flash Player DNS Rebinding Vulnerability
11. libexif Image Tag Remote Integer Overflow Vulnerability
12. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
13. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
14. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
15. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
16. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.

http://www.securityfocus.com/columnists/460

2. The Man in the Machine
By Federico Biancuzzi
In April 2007, when two security researchers demonstrated a flaw in the next-generation IPv6 routing scheme that would allow attackers to significantly amplify any denial-of-service attack by a factor of at least 80, networking expert Jun-ichiro "Itojun" Hagino worked to get Internet engineers to take the threat seriously.

http://www.securityfocus.com/columnists/459


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 26791
Remote: Yes
Date Published: 2007-12-10
Relevant URL: http://www.securityfocus.com/bid/26791
Summary:
Samba is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

NOTE: This issue occurs only when the 'domain logons' option is enabled.

An attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful attacks will completely compromise affected computers. Failed exploit attempts will result in a denial of service.

2. Linux Kernel Mmap_min_addr Local Security Bypass Vulnerability
BugTraq ID: 26831
Remote: No
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26831
Summary:
The Linux kernel is prone to a security-bypass vulnerability.

A local attacker may exploit this issue to bypass certain security restrictions, which may lead to other attacks.

Versions prior to Linux kernel 2.6.24-rc5 are vulnerable.

3. XOOPS register.php Cross-Site Scripting Vulnerability
BugTraq ID: 26835
Remote: Yes
Date Published: 2007-12-12
Relevant URL: http://www.securityfocus.com/bid/26835
Summary:
XOOPS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

XOOPS 2.2.5 is vulnerable; prior versions may also be affected.

4. autofs nosuid Mount Option Local Privilege Escalation Vulnerability
BugTraq ID: 26841
Remote: No
Date Published: 2007-12-12
Relevant URL: http://www.securityfocus.com/bid/26841
Summary:
The 'autofs' utility is prone to a local privilege-escalation vulnerability because of a flaw in its default configuration. Filesystems mounted under '/net' using the 'hosts' automount map do not have the 'nosuid' mount option enabled by default.

Attackers can leverage this issue to gain superuser privileges. Successful exploits will completely compromise affected computers.

5. Intel Wireless WiFi Link iwlwifi NULL Pointer Dereference Vulnerability
BugTraq ID: 26842
Remote: Yes
Date Published: 2007-12-12
Relevant URL: http://www.securityfocus.com/bid/26842
Summary:
The 'iwlwifi' driver is prone to a NULL-pointer dereference vulnerability because of a flaw in the 'compatible/iwl3945-base.c' file.

Attackers can exploit this issue to trigger a kernel panic and cause denial-of-service conditions.

Versions prior to iwlwifi 1.1.22 are vulnerable.

6. Portage 'etc-update' Local Information Disclosure Vulnerability
BugTraq ID: 26864
Remote: No
Date Published: 2007-12-13
Relevant URL: http://www.securityfocus.com/bid/26864
Summary:
Portage is prone to a local information-disclosure vulnerability because it creates temporary files with an unsuitable 'umask'. As a result, the files are world-readable.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

Versions prior to Portage 2.1.3.11 are vulnerable to this issue.

7. Linux Kernel 'hrtimers' Local Denial of Service Vulnerability
BugTraq ID: 26880
Remote: No
Date Published: 2007-12-14
Relevant URL: http://www.securityfocus.com/bid/26880
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain 'hrtimers' relative timeout values.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.23.10 are vulnerable.

8. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
BugTraq ID: 26927
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

9. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 26929
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities, including:

- A privilege-escalation issue
- A cross-domain security-bypass issue
- An HTTP request-splitting issue

Attackers can exploit these vulnerabilities to compromise affected computers, execute arbitrary code and misrepresent how web content is served, cached, or interpreted. Other attacks are also possible.

These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior.

Notes:

- The issues described in CVE-2007-6244 have been reassigned to BID 26949 and BID 26960.
- The issue described in CVE-2007-6242 has been reassigned to BID 26951.

10. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

11. libexif Image Tag Remote Integer Overflow Vulnerability
BugTraq ID: 26942
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26942
Summary:
The libexif library is prone to an integer-overflow vulnerability because the software fails to ensure that integer values are not overrun.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an application using the vulnerable library. Failed attempts will likely result in denial-of-service conditions.

12. Linux Kernel IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
BugTraq ID: 26943
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26943
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to adequately validate specially crafted IPv6 'Hop-By-Hop' headers.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

13. ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 26946
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26946
Summary:
ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

14. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

15. Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
BugTraq ID: 26951
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26951
Summary:
Adobe Flash Player is prone to a remote heap-based buffer-overflow vulnerability because the application fails to use consistent signedness when handling user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of a user running the application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior versions.

NOTE: This issue was originally covered by BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

16. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0, and prior.

Note: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities). However, new technical details are available; therefore, the issue has been assigned to this BID.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: The Computer Forensics Show

Imagine the ability to view anything that ever appeared on almost any computer. The Computer Forensics Show is the "DON'T MISS" event of the year for IT professionals.

The Computer Forensics Show
February 4-6, 2008
Washington Convention Center
Washington D.C.
www.computerforensicshow.com
