
Wednesday, April 16, 2008

SecurityFocus Linux Newsletter #385
----------------------------------------

This issue is sponsored by Blackhat

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. LINUX VULNERABILITY SUMMARY
1. openMosix 'libmosix.c' Remote Stack-Based Buffer Overflow Vulnerability
2. LICQ File Descriptor Remote Denial of Service Vulnerability
3. GNU m4 Format String and Filename Quoting Vulnerabilities
4. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
5. Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability
6. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
7. Adobe Flash Player Unspecified DNS Rebinding Vulnerability
8. Python zlib Module Remote Buffer Overflow Vulnerability
9. Rsync 'xattr' Support Integer Overflow Vulnerability
10. EMC DiskXtender Hard Coded Authentication Credentials Vulnerability
11. EMC DiskXtender File System Manager Stack Based Buffer Overflow Vulnerability
12. EMC DiskXtender MediaStor RPC Interface Format String Vulnerability
13. Libpng Library Unknown Chunk Handler Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. DEF CON 16 Retro Announcement! Back to Bang!
2. EUSecWest CFP Closes April 14th (conf May 21/22 2008)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. openMosix 'libmosix.c' Remote Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 28663
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28663
Summary:
openMosix is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit this issue to cause denial-of-service conditions and possibly execute arbitrary code in the context of applications that use the openMosix API.

openMosix 2.4.20-3 is vulnerable; other versions may also be affected.

2. LICQ File Descriptor Remote Denial of Service Vulnerability
BugTraq ID: 28679
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28679
Summary:
LICQ is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Remote code-execution may also be possible, but this has not been confirmed.

3. GNU m4 Format String and Filename Quoting Vulnerabilities
BugTraq ID: 28688
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28688
Summary:
GNU m4 is prone to format-string and filename-quoting vulnerabilities.

To exploit these issues, attackers would have to coerce unsuspecting users to use the affected utility on malicious filenames or file content.

Successful exploits of the format-string vulnerability may allow remote attackers to execute arbitrary machine code in the context of the affected utility, facilitating the remote compromise of affected computers. The filename-quoting issue may allow malicious users to read or modify unintended files, possibly aiding in further attacks.

Versions prior to GNU m4 1.4.11 are vulnerable.

4. Squid Web Proxy Cache 'arrayShrink()' Remote Denial of Service Vulnerability
BugTraq ID: 28693
Remote: Yes
Date Published: 2008-04-09
Relevant URL: http://www.securityfocus.com/bid/28693
Summary:
Squid is prone to a remote denial-of-service vulnerability because of a flaw when processing HTTP headers for cached objects.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

NOTE: This vulnerability was caused by an incorrect fix for the issue described in BID 26687 (Squid Proxy Cache Update Reply Processing Remote Denial of Service Vulnerability; CVE-2007-6239).

This issue affects Squid 2.6 prior to 2.6.STABLE18.

5. Adobe Flash Player SWF File 'DeclareFunction2' ActionScript Tag Remote Code Execution Vulnerability
BugTraq ID: 28694
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28694
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability when handling certain embedded ActionScript objects.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

6. Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability
BugTraq ID: 28695
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28695
Summary:
Adobe Flash Player is prone to a remote buffer-overflow vulnerability when handling multimedia files with certain tags.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

7. Adobe Flash Player Unspecified DNS Rebinding Vulnerability
BugTraq ID: 28697
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28697
Summary:
Adobe Flash Player is prone to a vulnerability with an unspecified impact. The issue can be exploited by DNS rebinding.

Successfully exploiting this issue could allow the attacker to bypass the application's same-origin policy; other attacks are also possible.

NOTE: This issue may be a variant of the issue described in BID 26930, but currently not enough details are available to verify this. We will update this BID as more information emerges.

Adobe Flash Player 9.0.115.0 and earlier versions are affected.

8. Python zlib Module Remote Buffer Overflow Vulnerability
BugTraq ID: 28715
Remote: Yes
Date Published: 2008-04-09
Relevant URL: http://www.securityfocus.com/bid/28715
Summary:
The Python zlib module is prone to a remote buffer-overflow vulnerability because the library fails to properly sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Python 2.5.2; other versions may also be vulnerable.

9. Rsync 'xattr' Support Integer Overflow Vulnerability
BugTraq ID: 28726
Remote: Yes
Date Published: 2008-04-10
Relevant URL: http://www.securityfocus.com/bid/28726
Summary:
The rsync utility is prone to a remote integer-overflow vulnerability because the application fails to properly ensure that user-supplied input doesn't overflow integer values. This may result in user-supplied data being copied past the end of a memory buffer.

Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the compromise of affected computers.

Versions of rsync between 2.6.9 and 3.0.1 that have 'xattr' support enabled are vulnerable.

10. EMC DiskXtender Hard Coded Authentication Credentials Vulnerability
BugTraq ID: 28727
Remote: Yes
Date Published: 2008-04-10
Relevant URL: http://www.securityfocus.com/bid/28727
Summary:
DiskXtender is prone to a security vulnerability because its authentication routines contain hard-coded authentication credentials.

Attackers can leverage this issue to gain unauthorized access and compromise the affected DiskXtender servers.

DiskXtender 6.20.060 for Windows is vulnerable; other versions may also be affected.

11. EMC DiskXtender File System Manager Stack Based Buffer Overflow Vulnerability
BugTraq ID: 28728
Remote: Yes
Date Published: 2008-04-11
Relevant URL: http://www.securityfocus.com/bid/28728
Summary:
EMC DiskXtender is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Authenticated attackers can leverage this issue to execute arbitrary code in the context of the application, which typically runs with SYSTEM privileges. Successful exploits will compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

DiskXtender 6.20.060 is vulnerable; other versions may also be affected.

12. EMC DiskXtender MediaStor RPC Interface Format String Vulnerability
BugTraq ID: 28729
Remote: Yes
Date Published: 2008-04-10
Relevant URL: http://www.securityfocus.com/bid/28729
Summary:
EMC DiskXtender is prone to a format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function.

Authenticated attackers can leverage this issue to execute arbitrary code in the context of the application, which typically runs with SYSTEM privileges. Successful exploits will compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

DiskXtender 6.20.060 for Windows is vulnerable; other versions may also be affected.

13. Libpng Library Unknown Chunk Handler Vulnerability
BugTraq ID: 28770
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28770
Summary:
The 'libpng' library is prone to a vulnerability that causes denial-of-service conditions or may allow code to run. The issue occurs because the software fails to properly handle unexpected chunk data in PNG files.

Successfully exploiting this issue allows remote attackers to trigger denial-of-service conditions or to possibly execute arbitrary machine code in the context of applications that use the library.

The following versions are affected:

- libpng 1.0.6 through 1.0.32
- libpng 1.2.0 through 1.2.26
- libpng 1.4.0beta01 through 1.4.0beta19

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. DEF CON 16 Retro Announcement! Back to Bang!
http://www.securityfocus.com/archive/91/490836

2. EUSecWest CFP Closes April 14th (conf May 21/22 2008)
http://www.securityfocus.com/archive/91/490754

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Blackhat

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com
