Tuesday, May 13, 2008

SecurityFocus Linux Newsletter #389


This issue is sponsored by Blackhat USA

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Click Crime
2. Just Who's Being Exploited?
II. LINUX VULNERABILITY SUMMARY
1. WebMod Multiple Remote Security Vulnerabilities
2. CDF (Common Data Format) Library 'src/lib/cdfread64.c' Stack Based Buffer Overflow Vulnerability
3. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
4. Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service Vulnerability
5. Linux Kernel '/include/xen/blkif.h' 32-on-64 Support Denial Of Service Vulnerability
6. Linux Kernel Asynchronous FIFO IO Local Denial of Service Vulnerability
7. Linux Kernel Direction Flag Local Memory Corruption Vulnerability
8. Linux Kernel 'ssm_i' Emulation Hypervisor Panic Denial of Service Vulnerability
9. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
10. Sun Ray Kiosk Mode Unspecified Privilege Escalation Vulnerability
11. rdesktop Multiple Remote Memory Corruption Vulnerabilities
12. Firebird 'ISC_PASSWORD' Environment Variable Unauthorized Access Vulnerability
13. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
14. Nagios Unspecified Cross-Site Scripting Vulnerability
15. SARG Multiple Unspecified Buffer Overflow Vulnerabilities
16. Debian OpenSSL Package Random Number Generator Weakness
17. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
18. Xen Para-Virtualized Framebuffer Message Format Denial Of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Click Crime
By Mark Rasch
It has long been a crime not only to commit an illegal act, but also to attempt -- or conspire with others -- to commit one.

http://www.securityfocus.com/columnists/471

2. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser, to researcher Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. WebMod Multiple Remote Security Vulnerabilities
BugTraq ID: 29031
Remote: Yes
Date Published: 2008-05-03
Relevant URL: http://www.securityfocus.com/bid/29031
Summary:
WebMod is prone to multiple remote security vulnerabilities, including a directory-traversal issue, a stack-based buffer-overflow issue, multiple memory-corruption issues, and an information-disclosure issue.

Attackers can exploit these issues to execute arbitrary code with the privileges of the user running the affected application, obtain sensitive information to aid in further attacks, or cause denial-of-service conditions.

WebMod 0.48 is vulnerable; other versions may also be affected.

2. CDF (Common Data Format) Library 'src/lib/cdfread64.c' Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29045
Remote: Yes
Date Published: 2008-05-05
Relevant URL: http://www.securityfocus.com/bid/29045
Summary:
The CDF (Common Data Format) library is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data when processing CDF files.

Attackers can exploit this issue by enticing unsuspecting users to open malicious files. Successful exploits will allow code to run with the privileges of the user. Failed attacks will cause denial-of-service conditions.

CDF 3.2 and prior versions are vulnerable.

3. Linux Kernel 'fcntl_setlk()' SMP Ordering Local Denial of Service Vulnerability
BugTraq ID: 29076
Remote: No
Date Published: 2008-05-06
Relevant URL: http://www.securityfocus.com/bid/29076
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger kernel crashes, denying service to legitimate users.

Versions prior to Linux kernel 2.6.25.2 and 2.4.36.4 are vulnerable.

4. Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service Vulnerability
BugTraq ID: 29081
Remote: Yes
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29081
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

NOTE: This issue occurs on computers that have NetScreen firewalls or Cisco PIX installed.

5. Linux Kernel '/include/xen/blkif.h' 32-on-64 Support Denial Of Service Vulnerability
BugTraq ID: 29082
Remote: No
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29082
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because the software fails to perform sanity checks when handling values when running 32-bit paravirtualized guests on a 64-bit host.

Local, privileged attackers can leverage the issue to crash the kernel and deny service to legitimate users.

6. Linux Kernel Asynchronous FIFO IO Local Denial of Service Vulnerability
BugTraq ID: 29083
Remote: No
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29083
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger kernel panics, denying service to legitimate users.

Versions prior to Linux kernel 2.4.21 are vulnerable.

7. Linux Kernel Direction Flag Local Memory Corruption Vulnerability
BugTraq ID: 29084
Remote: No
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29084
Summary:
The Linux kernel is prone to a vulnerability that can corrupt kernel memory.

A local attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

8. Linux Kernel 'ssm_i' Emulation Hypervisor Panic Denial of Service Vulnerability
BugTraq ID: 29085
Remote: No
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29085
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability in certain virtualized environments.

An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.

NOTE: This issue may affect only the IA-64 architecture.

9. Linux Kernel x86_64 ptrace Denial Of Service Vulnerability
BugTraq ID: 29086
Remote: No
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29086
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when process traces are performed on 64-bit computers.

Local attackers can leverage the issue to crash the kernel and deny service to legitimate users.

10. Sun Ray Kiosk Mode Unspecified Privilege Escalation Vulnerability
BugTraq ID: 29092
Remote: Yes
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29092
Summary:
Sun Ray Server Software is prone to an unspecified privilege-escalation vulnerability. This issue affects the software when it is running in Kiosk Mode and is exploitable only by attackers with administrative privileges in the web-based administrative interface.

Successfully exploiting this issue allows local and remote attackers to gain superuser access to the underlying operating system running the vulnerable software. This facilitates the complete compromise of affected computers.

11. rdesktop Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 29097
Remote: Yes
Date Published: 2008-05-07
Relevant URL: http://www.securityfocus.com/bid/29097
Summary:
The 'rdesktop' program is prone to multiple remote memory-corruption vulnerabilities because it fails to properly validate incoming packets.

A remote attacker can exploit these issues to execute arbitrary code in the context of the currently logged-in user.

These issues affect rdesktop 1.5.0; other versions may also be vulnerable.

12. Firebird 'ISC_PASSWORD' Environment Variable Unauthorized Access Vulnerability
BugTraq ID: 29123
Remote: Yes
Date Published: 2008-05-09
Relevant URL: http://www.securityfocus.com/bid/29123
Summary:
Firebird is prone to a vulnerability that can result in unauthorized database access.

Attackers can exploit this issue to gain 'SYSDBA' user access to affected databases.

Firebird 2.0.3.12981.0 is vulnerable; other versions may also be affected.

NOTE: Reports suggest that this issue may affect only Firebird distributions provided in the Gentoo Linux operating platform.

13. Linux Kernel 'sys_utimensat' Local Denial of Service Vulnerability
BugTraq ID: 29134
Remote: No
Date Published: 2008-05-10
Relevant URL: http://www.securityfocus.com/bid/29134
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

This issue affects kernel versions 2.6.22 through to 2.6.25.2.

14. Nagios Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 29140
Remote: Yes
Date Published: 2008-05-10
Relevant URL: http://www.securityfocus.com/bid/29140
Summary:
Nagios is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

15. SARG Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 29141
Remote: Yes
Date Published: 2008-05-10
Relevant URL: http://www.securityfocus.com/bid/29141
Summary:
SARG is prone to multiple buffer-overflow vulnerabilities.

A remote attacker can exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

16. Debian OpenSSL Package Random Number Generator Weakness
BugTraq ID: 29179
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29179
Summary:
The Debian OpenSSL package is prone to a random-number-generator weakness.

Attackers can exploit this issue to predict random data used to generate encryption keys by certain applications. This may help attackers compromise encryption keys and gain access to sensitive data.

This issue affects only a modified OpenSSL package for Debian prior to version 0.9.8c-4etch3.

17. Xen Para Virtualized Frame Buffer Backend Local Denial of Service Vulnerability
BugTraq ID: 29183
Remote: No
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29183
Summary:
Xen is prone to a local denial-of-service vulnerability.

Successfully exploiting this issue will crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed.

18. Xen Para-Virtualized Framebuffer Message Format Denial Of Service Vulnerability
BugTraq ID: 29186
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29186
Summary:
Xen is prone to a denial-of-service vulnerability because the application fails to adequately verify the format of user-supplied data.

An attacker can leverage this issue to cause denial-of-service conditions, or compromise the privileged domain (dom0).

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Blackhat USA

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com
