News

Thursday, January 24, 2008

SecurityFocus Linux Newsletter #373

SecurityFocus Linux Newsletter #373
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mother May I?
2. Finding a Cure for Data Loss
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel VFS Unauthorized File Access Vulnerability
2. Cisco VPN Client for Windows Local Denial of Service Vulnerability
3. Boost Library Regular Expression Remote Denial of Service Vulnerabilities
4. apt-listchanges Unsafe Paths Library Import Local Shell Code Execution Vulnerability
5. RETIRED: X.Org X Server Local Privilege Escalation and Information Disclosure Vulnerabilities
6. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
7. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
8. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
9. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
10. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
11. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
12. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
13. BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
14. Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
15. MoinMoin MOIN_ID Cookie Remote Authentication Bypass Vulnerability
16. IBM AIX WebSM Remote Client For Linux Local Insecure File Permissions Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mother May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not."We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

2.Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.

http://www.securityfocus.com/columnists/462


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel VFS Unauthorized File Access Vulnerability
BugTraq ID: 27280
Remote: No
Date Published: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27280
Summary:
The Linux kernel is prone to an unauthorized file-access vulnerability affecting the VFS (Virtual Filesystem) module.

A local attacker can exploit this issue to access arbitrary files on the affected computer. Successfully exploiting this issue may grant the attacker elevated privileges on affected computers. Other attacks are also possible.

This issue affects kernel versions prior to 2.6.23.14.

2. Cisco VPN Client for Windows Local Denial of Service Vulnerability
BugTraq ID: 27289
Remote: No
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27289
Summary:
Cisco VPN Client for Windows is prone to a local denial-of-service vulnerability because the software's IPsec driver fails to handle certain IOCTLs.

Successfully exploiting this issue allows local attackers to crash affected computers, denying further service to legitimate users.

This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver may also be affected.

3. Boost Library Regular Expression Remote Denial of Service Vulnerabilities
BugTraq ID: 27325
Remote: Yes
Date Published: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27325
Summary:
The Boost library is prone to a remote denial-of-service vulnerability because it fails to adequately verify user-supplied input on regular expressions.

Successful exploits may allow remote attackers to cause denial-of-service conditions on applications that use the affected library.

This issue affects Boost 1.33.1 and 1.34.1; other versions may also be affected.

4. apt-listchanges Unsafe Paths Library Import Local Shell Code Execution Vulnerability
BugTraq ID: 27331
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27331
Summary:
The 'apt-listchanges' tool is prone to a vulnerability that allows arbitrary shell code to run. This issue occurs because the software uses unsafe paths when importing certain libraries.

Attackers can exploit this issue to execute arbitrary shell code with superuser privileges. Successful attacks will completely compromise the computer.

Versions prior to apt-listchanges 2.82 are vulnerable.

5. RETIRED: X.Org X Server Local Privilege Escalation and Information Disclosure Vulnerabilities
BugTraq ID: 27336
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27336
Summary:
X.Org X Server is prone to multiple local privilege-escalation vulnerabilities and an information-disclosure vulnerability.

Attackers can exploit these issues to execute arbitrary code with superuser privileges, crash the affected computer, or obtain potentially sensitive information.

NOTE: This BID is being retired because each of the vulnerabilities has been given its own record as follows:

27350 X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
27351 X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
27352 X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
27353 X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
27354 X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
27355 X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
27356 X.Org X Server X:1 -sp Command Information Disclosure Vulnerability

6. X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
BugTraq ID: 27350
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27350
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

7. X.Org X Server 'Xinput' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27351
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27351
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

8. X.Org X Server PCF Font Parser Buffer Overflow Vulnerability
BugTraq ID: 27352
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27352
Summary:
X.Org X Server is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to execute arbitrary code with the privileges of the server. Failed attacks will cause denial-of-service conditions.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

9. X.Org X Server 'EVI' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27353
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27353
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

10. X.Org X Server 'PassMessage' Request Local Privilege Escalation Vulnerability
BugTraq ID: 27354
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27354
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of an affected computer. Failed exploit attempts will likely crash the computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

11. X.Org X Server 'TOG-CUP' Extension Local Privilege Escalation Vulnerability
BugTraq ID: 27355
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27355
Summary:
X.Org X Server is prone to a local privilege-escalation vulnerability.

Attackers can exploit this issue to execute arbitrary code with superuser privileges or to crash the affected computer.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

12. X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
BugTraq ID: 27356
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27356
Summary:
X.Org X Server is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks.

NOTE: This vulnerability was previously covered in BID 27336 (X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities), but has been given its own record to better document the issue.

13. BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
BugTraq ID: 27358
Remote: Yes
Date Published: 2008-01-19
Relevant URL: http://www.securityfocus.com/bid/27358
Summary:
BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue allows an attacker to access potentially sensitive information that could aid in further attacks.

BitDefender Security for File Servers, BitDefender Enterprise Manger, and other BitDefender products that include the Update Server are vulnerable. This issue affects Update Server when running on Windows; Linux and UNIX variants may also be affected.

14. Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
BugTraq ID: 27365
Remote: Yes
Date Published: 2008-01-20
Relevant URL: http://www.securityfocus.com/bid/27365
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability because the application fails to properly restrict access to sensitive information.

Remote attackers can exploit this issue to obtain confidential user-authentication credentials.

The issue affects Tomcat 5.5.20; prior versions may also be vulnerable.

15. MoinMoin MOIN_ID Cookie Remote Authentication Bypass Vulnerability
BugTraq ID: 27404
Remote: Yes
Date Published: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27404
Summary:
MoinMoin is prone to an authentication-bypass vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to gain unauthorized access to the affected application, which may lead to further attacks.

Versions in the MoinMoin 1.5 series are vulnerable.

16. IBM AIX WebSM Remote Client For Linux Local Insecure File Permissions Vulnerability
BugTraq ID: 27433
Remote: No
Date Published: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27433
Summary:
IBM AIX WebSM Remote Client for Linux is prone to a local insecure-file-permissions vulnerability.

A local attacker can exploit this issue to gain unauthorized access to certain files and alter the behavior of the affected application. This may help in further attacks.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com

No comments:

Blog Archive