Wednesday, February 13, 2008

SecurityFocus Linux Newsletter #376


This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Skills for the Future
2. Mother, May I?

II. LINUX VULNERABILITY SUMMARY
1. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability
2. MPlayer 'demux_mov.c' Remote Code Execution Vulnerability
3. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
4. Sun Java RunTime Environment Read and Write Permission Multiple Privilege Escalation Vulnerabilities
5. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
6. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
7. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
8. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
9. Netpbm GIFtoPNM Utility Buffer Overflow Vulnerability
10. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote Vulnerabilities
11. Website Meta Language Multiple Local Insecure Temporary File Creation Vulnerabilities
12. Linux Kernel 2.6.22.16 Multiple Memory Corruption Vulnerabilities
13. Linux Kernel 'tmpfs' filesystem Local Security Vulnerability
14. Linux Kernel Multiple Prior to 2.6.24.1 Multiple Memory Access Vulnerabilities
15. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service Vulnerability
16. Endian Firewall Multiple Cross-Site Scripting Vulnerabilities
17. MPlayer 'stream_cddb.c' Remote Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: just how does one break into computer security, or what skills should you learn to get that first security job? Lately, though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.
http://www.securityfocus.com/columnists/464

2. Mother May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not." We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MPlayer 'demux_audio.c' Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 27441
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27441
Summary:
MPlayer is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MPlayer 1.0 rc2 is vulnerable; other versions may also be affected.

2. MPlayer 'demux_mov.c' Remote Code Execution Vulnerability
BugTraq ID: 27499
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27499
Summary:
MPlayer is prone to a remote code-execution vulnerability because it fails to sanitize certain 'MOV' file tags before using them to index heap memory.

An attacker can exploit this issue to execute arbitrary code, which can result in the complete compromise of the computer. Failed exploit attempts will result in a denial-of-service condition.

This issue affects MPlayer 1.0rc2; other versions may also be affected.

3. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
BugTraq ID: 27596
Remote: No
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27596
Summary:
IBM DB2 Universal Database Server is prone to multiple local vulnerabilities, including:

- An unspecified local vulnerability
- A local security-bypass vulnerability

Attackers can exploit these issues to compromise the affected application, execute arbitrary code within the context of the affected application, and bypass certain security restrictions. Other attacks are also possible.

These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 16.

NOTE: Two issues that were previously documented in this BID were given their own records to better document the details: BID 27681 ('IBM DB2 Universal Database DAS Buffer Overflow Vulnerability') and BID 27680 ('IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability').

4. Sun Java RunTime Environment Read and Write Permission Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 27650
Remote: Yes
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27650
Summary:
Sun Java Runtime Environment is prone to multiple privilege-escalation vulnerabilities when running untrusted applications or applets.

Successful exploits will compromise arbitrary data and possibly the underlying computer.

These issues affect the following versions:

- JDK and JRE 6 Update 1 and earlier
- JDK and JRE 5.0 Update 13 and earlier

5. TCL/TK Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability
BugTraq ID: 27655
Remote: Yes
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27655
Summary:
TCL/TK Tk Toolkit is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer.

Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected toolkit. Failed exploit attempts likely result in denial-of-service conditions.

Versions prior to TCL/TK 8.5.1 are vulnerable to this issue.

6. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
BugTraq ID: 27665
Remote: Yes
Date Published: 2008-02-05
Relevant URL: http://www.securityfocus.com/bid/27665
Summary:
IBM WebSphere Edge Server Caching Proxy is prone to a cross-site scripting vulnerability that affects the caching proxy server because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The vulnerability affects Caching Proxy 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, and 6.1. Other versions may also be affected.

7. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
BugTraq ID: 27680
Remote: No
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27680
Summary:
IBM DB2 Universal Database Server is prone to a local privilege-escalation vulnerability because of how the application constructs library paths.

Exploiting this issue allows local attackers to gain root privileges. Note that an attacker must be able to execute the set-uid root 'db2pd' binary to exploit this issue.

DB2 Universal Database Server 9.1 FixPack 2 on Linux systems is vulnerable. Other versions, including those for other UNIX platforms, are suspected to be vulnerable.

NOTE: This vulnerability was previously disclosed in BID 27596 'IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities'. Because more information has become available, it has been assigned its own record.

8. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
BugTraq ID: 27681
Remote: Yes
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27681
Summary:
IBM DB2 is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected service. Successfully exploiting this issue may facilitate the remote compromise of affected computers. Failed exploit attempts will likely crash the affected application.

NOTE: This vulnerability was previously disclosed in BID 27596 (IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities). Because more information has become available, it has been assigned its own record.

9. Netpbm GIFtoPNM Utility Buffer Overflow Vulnerability
BugTraq ID: 27682
Remote: Yes
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27682
Summary:
Netpbm is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

The precise implications of this issue are currently unavailable, but given the nature of the issue, a successful exploit may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to Netpbm 10.27 are vulnerable.

10. Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Multiple Remote Vulnerabilities
BugTraq ID: 27683
Remote: Yes
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27683
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.11 and prior versions.

Exploiting these issues can allow attackers to:

- remotely execute arbitrary code
- cause denial-of-service conditions
- hide contents of security warnings
- access sensitive information
- escape sandbox and execute scripts with chrome privileges
- inject script code into other sites and violate the same-origin policy

Other attacks are possible.

These issues are present in Firefox 2.0.0.11 and prior versions. Mozilla Thunderbird 2.0.0.9 and prior versions as well as SeaMonkey 1.1.7 and prior versions are also affected by many of these vulnerabilities.

11. Website Meta Language Multiple Local Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 27685
Remote: No
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27685
Summary:
Website Meta Language is reportedly affected by multiple local vulnerabilities because it creates temporary files in an insecure way. These issues stem from a design error that causes the application to fail to verify the presence of a file before writing to it.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user who activates a vulnerable application.

Website Meta Language 2.0.11 is affected by these vulnerabilities; other versions may also be affected.

12. Linux Kernel 2.6.22.16 Multiple Memory Corruption Vulnerabilities
BugTraq ID: 27686
Remote: No
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27686
Summary:
The Linux kernel is prone to multiple memory-corruption vulnerabilities due to insufficient range checking in certain fault handlers.

Local attackers could exploit these issues to cause denial-of-service conditions, bypass certain security restrictions, and potentially access sensitive information or gain elevated privileges.

These issues affect versions prior to 2.6.22.17.

13. Linux Kernel 'tmpfs' filesystem Local Security Vulnerability
BugTraq ID: 27694
Remote: No
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27694
Summary:
Linux Kernel is prone to a vulnerability that allows attackers to obtain sensitive information or to cause a denial-of-service condition.

14. Linux Kernel Multiple Prior to 2.6.24.1 Multiple Memory Access Vulnerabilities
BugTraq ID: 27704
Remote: No
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27704
Summary:
The Linux kernel is prone to multiple memory access vulnerabilities, including:

- A vulnerability that allows unauthorized users to read arbitrary memory locations.
- A vulnerability that allows unauthorized users to write to arbitrary memory locations.
- A vulnerability that allows local attackers to access resources in certain vservers.

An attacker can exploit these issues to read and write to arbitrary memory locations on the affected computer.

This issue affects versions prior to Linux Kernel 2.6.24.1.

15. Linux Kernel Driver Fault Handler 'mmap.c' Local Denial of Service Vulnerability
BugTraq ID: 27705
Remote: No
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27705
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check certain fault handlers for device drivers.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Versions prior to Linux kernel 2.6.24.1 are vulnerable.

16. Endian Firewall Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 27758
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27758
Summary:
Endian Firewall is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Attackers can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help attackers steal cookie-based authentication credentials and launch other attacks.

Endian Firewall version 2.1.2 is vulnerable to these issues; other versions may also be affected.

17. MPlayer 'stream_cddb.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 27765
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27765
Summary:
MPlayer is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MPlayer 1.0 rc2 is vulnerable; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------