
Friday, February 01, 2008

SecurityFocus Linux Newsletter #374
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mother May I?
2. Finding a Cure for Data Loss
II. LINUX VULNERABILITY SUMMARY
1. MoinMoin MOIN_ID Cookie Remote Input Validation Vulnerability
2. IBM AIX WebSM Remote Client For Linux Local Insecure File Permissions Vulnerability
3. PulseAudio Local Privilege Escalation Vulnerability
4. International Components for Unicode Library (libicu) Multiple Memory Corruption Vulnerabilities
5. Firebird Username Remote Buffer Overflow Vulnerability
6. Linux Kernel 'isdn_common.c' Local Buffer Overflow Vulnerability
7. ELOG 'logbook' HTML Injection Vulnerability
8. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
9. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
10. Linux Kernel Page Faults Using NUMA Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mother May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not." We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

2. Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.

http://www.securityfocus.com/columnists/462


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MoinMoin MOIN_ID Cookie Remote Input Validation Vulnerability
BugTraq ID: 27404
Remote: Yes
Date Published: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27404
Summary:
MoinMoin is prone to an input-validation vulnerability because it fails to properly sanitize user-supplied cookie data.

An attacker can exploit this issue to gain unauthorized access to the affected application, which may lead to further attacks.

Versions in the MoinMoin 1.5 series are vulnerable.

UPDATE: The 'quicklinks' parameter may be used to insert PHP code into writable files in conjunction with this issue. Attackers could potentially inject executable script code into writable PHP files located outside of the MoinMoin installation.

2. IBM AIX WebSM Remote Client For Linux Local Insecure File Permissions Vulnerability
BugTraq ID: 27433
Remote: No
Date Published: 2008-01-22
Relevant URL: http://www.securityfocus.com/bid/27433
Summary:
IBM AIX WebSM Remote Client for Linux is prone to a local insecure-file-permissions vulnerability.

A local attacker can exploit this issue to gain unauthorized access to certain files and alter the behavior of the affected application. This may help in further attacks.

3. PulseAudio Local Privilege Escalation Vulnerability
BugTraq ID: 27449
Remote: No
Date Published: 2008-01-25
Relevant URL: http://www.securityfocus.com/bid/27449
Summary:
PulseAudio is prone to a local privilege-escalation vulnerability because the application fails to properly ensure that it has dropped its privileges.

Exploiting this issue could allow attackers to perform certain actions with superuser privileges.

This vulnerability affects versions prior to PulseAudio 0.9.9.

4. International Components for Unicode Library (libicu) Multiple Memory Corruption Vulnerabilities
BugTraq ID: 27455
Remote: Yes
Date Published: 2008-01-25
Relevant URL: http://www.securityfocus.com/bid/27455
Summary:
The International Components for Unicode library (libicu) is prone to multiple memory-corruption vulnerabilities.

Successfully exploiting these issues allows remote attackers to corrupt and overflow memory and possibly execute remote code. Failed exploit attempts will likely crash applications.

These issues affect libicu 3.8.1 and prior versions.

5. Firebird Username Remote Buffer Overflow Vulnerability
BugTraq ID: 27467
Remote: Yes
Date Published: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27467
Summary:
Firebird is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected database server. Failed exploit attempts will likely cause denial-of-service conditions.

The issue affects the following versions:

Firebird 1.5.4
Firebird 2.0
Firebird 2.0.1
Firebird 2.0.2
Firebird 2.0.3
Firebird 2.1 Alpha 1
Firebird 2.1 Beta 1
Firebird 2.1 Beta 2

6. Linux Kernel 'isdn_common.c' Local Buffer Overflow Vulnerability
BugTraq ID: 27497
Remote: No
Date Published: 2008-01-29
Relevant URL: http://www.securityfocus.com/bid/27497
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.25.

7. ELOG 'logbook' HTML Injection Vulnerability
BugTraq ID: 27526
Remote: Yes
Date Published: 2008-01-30
Relevant URL: http://www.securityfocus.com/bid/27526
Summary:
ELOG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue affects versions prior to ELOG 2.7.2.

8. xdg-utils 'xdg-open' and 'xdg-email' Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 27528
Remote: Yes
Date Published: 2008-01-30
Relevant URL: http://www.securityfocus.com/bid/27528
Summary:
The 'xdg-utils' package is prone to multiple remote command-execution vulnerabilities.

An attacker could exploit these issues by enticing an unsuspecting victim to open a malicious file.

Successful exploits will allow attackers to execute arbitrary commands with the privileges of the user running the affected application.

9. Linux Kernel PowerPC 'chrp/setup.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 27555
Remote: No
Date Published: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27555
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.

This issue affects Linux kernel 2.4.21 through 2.6.18-53 running on the PowerPC architecture.

10. Linux Kernel Page Faults Using NUMA Local Denial of Service Vulnerability
BugTraq ID: 27556
Remote: No
Date Published: 2008-01-31
Relevant URL: http://www.securityfocus.com/bid/27556
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly handle certain page faults when using NUMA (Non-Uniform Memory Access) methods.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Linux kernel 2.6.9 and prior versions are vulnerable. This issue affects the Itanium architecture; other architectures may also be vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe
