Tuesday, April 29, 2008

SecurityFocus Linux Newsletter #387

This issue is sponsored by Black Hat USA

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Just Who's Being Exploited?
2. On the Border
II. LINUX VULNERABILITY SUMMARY
1. MoinMoin Multiple ACL Security Bypass Vulnerabilities
2. grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
3. Asterisk IAX2 Packet Amplification Remote Denial of Service Vulnerability
4. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
5. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
6. phpMyAdmin Shared Host Remote Information Disclosure Vulnerability
7. xine-lib NES Sound Format Demuxer 'copyright' Buffer Overflow Vulnerability
8. Computer Associates ARCserve Backup Discovery Service Remote Denial Of Service Vulnerability
9. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
10. KDE 'start_kdeinit' Multiple Local Privilege Escalation Vulnerabilities
11. Linux Terminal Server Project 'ldm' Information Disclosure Vulnerability
12. util-linux-ng 'login' Remote Log Injection Weakness
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser, to researcher Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470

2. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MoinMoin Multiple ACL Security Bypass Vulnerabilities
BugTraq ID: 28869
Remote: Yes
Date Published: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28869
Summary:
MoinMoin is prone to multiple security-bypass vulnerabilities because it fails to properly handle Access Control List (ACL) entries.

Successful exploits will allow attackers to bypass certain security restrictions and gain unauthorized access to administrative functionality. This in turn may lead to a compromise of the affected application.

Versions prior to MoinMoin 1.6.3 are affected.

2. grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
BugTraq ID: 28889
Remote: No
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28889
Summary:
The 'grsecurity' application is prone to multiple local security-bypass vulnerabilities because it fails to properly handle the return values of certain functions in the RBAC (Role-Based Access Control) system.

Successful exploits will allow attackers to bypass certain security restrictions.

Versions prior to grsecurity 2.1.11-2.6.24.5 (2008-04-21) and 2.1.11-2.4.36.2 (2008-04-21) are affected.

3. Asterisk IAX2 Packet Amplification Remote Denial of Service Vulnerability
BugTraq ID: 28901
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28901
Summary:
Asterisk is prone to a remote denial-of-service vulnerability caused by a flaw in the IAX2 protocol.

Successful exploits result in packet-amplification attacks. Malicious users can cause Asterisk to send large numbers of UDP datagrams to arbitrary addresses, potentially denying service to both the Asterisk service and networks that may become flooded.

4. VLC Media Player MP4 Demuxer Buffer Overflow Vulnerability
BugTraq ID: 28903
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28903
Summary:
VLC media player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to VLC media player 0.8.6f are vulnerable.

5. VLC Media Player Cinepak Codec Buffer Overflow Vulnerability
BugTraq ID: 28904
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28904
Summary:
VLC media player is prone to a buffer-overflow vulnerability because the Cinepak decoder fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6e is vulnerable; other versions may also be affected.

6. phpMyAdmin Shared Host Remote Information Disclosure Vulnerability
BugTraq ID: 28906
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28906
Summary:
phpMyAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue will allow attackers to view arbitrary files within the context of the webserver.

Versions prior to phpMyAdmin 2.11.5.2 are vulnerable.

7. xine-lib NES Sound Format Demuxer 'copyright' Buffer Overflow Vulnerability
BugTraq ID: 28908
Remote: Yes
Date Published: 2008-04-23
Relevant URL: http://www.securityfocus.com/bid/28908
Summary:
The 'xine-lib' library is prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running an application that relies on the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects xine-lib 1.1.12 and prior versions.

UPDATE (April 24, 2008): Guido Landi states that this is not a vulnerability because the buffer cannot be overrun. Symantec has not confirmed this.

8. Computer Associates ARCserve Backup Discovery Service Remote Denial Of Service Vulnerability
BugTraq ID: 28927
Remote: Yes
Date Published: 2008-04-24
Relevant URL: http://www.securityfocus.com/bid/28927
Summary:
Computer Associates ARCserve Backup is affected by a denial-of-service vulnerability because the application mishandles malformed user-supplied input.

A remote attacker may exploit this issue to cause denial-of-service conditions.

CA ARCserve Backup 12.0.5454.0 is affected by this issue; other versions may also be vulnerable.

9. Perl Unicode '\Q...\E' Quoting Construct Regular Expression Buffer Overflow Vulnerability
BugTraq ID: 28928
Remote: Yes
Date Published: 2008-04-24
Relevant URL: http://www.securityfocus.com/bid/28928
Summary:
Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary machine code in the context of Perl applications using regular expressions in a vulnerable manner. This facilitates the remote compromise of affected computers. Failed exploits can cause denial-of-service conditions.

Perl 5.8.8 is vulnerable to this issue; other versions may also be affected.

NOTE: This issue may be related to BID 26350 ('Perl Unicode Regular Expression Buffer Overflow Vulnerability').

10. KDE 'start_kdeinit' Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 28938
Remote: No
Date Published: 2008-04-26
Relevant URL: http://www.securityfocus.com/bid/28938
Summary:
The 'start_kdeinit' utility in KDE is prone to multiple local privilege-escalation vulnerabilities because it fails to properly sanitize input.

Successful attacks allow local users to send signals to arbitrary processes, triggering denial-of-service conditions. Attackers may also be able to execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

11. Linux Terminal Server Project 'ldm' Information Disclosure Vulnerability
BugTraq ID: 28960
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28960
Summary:
Linux Terminal Server Project is prone to an information-disclosure vulnerability.

An attacker can exploit this issue from the local network to obtain potentially sensitive information that may aid in further attacks.

12. util-linux-ng 'login' Remote Log Injection Weakness
BugTraq ID: 28983
Remote: Yes
Date Published: 2008-04-29
Relevant URL: http://www.securityfocus.com/bid/28983
Summary:
The 'login' utility from 'util-linux-ng' is prone to a weakness that allows remote attackers to inject false information into log files. This issue occurs because the utility fails to properly sanitize user-supplied input.

Successful exploits allow malicious users to inject false information into log files. The injected information may aid in indirect attacks against log-monitoring systems or may allow attackers to obfuscate malicious activity.

Versions prior to util-linux-ng 2.13.1.1 are prone to this issue.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA

