News

Thursday, July 03, 2008

SecurityFocus Linux Newsletter #396

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Firing Up Browser Security
2. Racing Against Reversers
II. LINUX VULNERABILITY SUMMARY
1. Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
2. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
3. Linux Kernel 32-bit/64bit Emulation Local Information Disclosure Vulnerability
4. Linux Kernel Memory Copy Exception Local Information Disclosure Vulnerability
5. Linux Kernel utrace and ptrace Local Denial of Service Vulnerability
6. Cybozu Garoon Session Fixation and Cross Site Scripting Vulnerabilities
7. Mozilla Firefox Malformed JPEG File Denial of Service Vulnerability
8. Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
9. Linux kernel 'sctp_getsockopt_local_addrs_old()' function Local Buffer Overflow Vulnerability
10. Wireshark 1.0.0 Multiple Vulnerabilities
11. HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
12. DC++ Private Message Remote Denial of Service Vulnerability
13. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
14. Mercurial 'patch.py' Directory Traversal Vulnerability
15. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
16. Linux Kernel x86_64 ptrace Local Memory Corruption Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Hardening CentOS
2. BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008)
3. Vulnerability and Patch-Management in Linux (and other Unix)

I. FRONT AND CENTER
---------------------
1. Firing Up Browser Security
By Federico Biancuzzi
Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release.

http://www.securityfocus.com/columnists/475

2. Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.

http://www.securityfocus.com/columnists/474


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29903
Remote: Yes
Date Published: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29903
Summary:
Ruby is prone to multiple vulnerabilities, including four integer-overflow issues and an issue caused by insecure use of 'alloca()' for memory allocation.

Successful exploits allow attackers to run arbitrary code in the context of applications implemented with Ruby. Failed exploit attempts may result in denial-of-service conditions.

2. Red Hat SBLIM Insecure Library Path Local Privilege Escalation Vulnerability
BugTraq ID: 29913
Remote: No
Date Published: 2008-06-24
Relevant URL: http://www.securityfocus.com/bid/29913
Summary:
Red Hat Linux SBLIM packages are prone to a local privilege-escalation vulnerability because they were built with insecure library search paths.

Exploiting this issue allows local attackers to execute arbitrary code with the privileges of the user running the affected application.

SBLIM packages built and shipped with the following versions of Red Hat are affected:

Red Hat Enterprise Linux Workstation 5
Red Hat Desktop 4
Red Hat Enterprise Linux 5 server
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4

3. Linux Kernel 32-bit/64bit Emulation Local Information Disclosure Vulnerability
BugTraq ID: 29942
Remote: No
Date Published: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29942
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successfully exploiting this issue may allow attackers to gain access to uninitialized and potentially sensitive data. Information obtained may lead to other attacks.

4. Linux Kernel Memory Copy Exception Local Information Disclosure Vulnerability
BugTraq ID: 29943
Remote: No
Date Published: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29943
Summary:
The Linux kernel is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

Versions prior to Linux kernel 2.6.19 are vulnerable.

5. Linux Kernel utrace and ptrace Local Denial of Service Vulnerability
BugTraq ID: 29945
Remote: No
Date Published: 2008-06-25
Relevant URL: http://www.securityfocus.com/bid/29945
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability caused by a race condition.

Attackers can exploit this issue to cause the kernel to become unresponsive, denying service to legitimate users.

6. Cybozu Garoon Session Fixation and Cross Site Scripting Vulnerabilities
BugTraq ID: 29981
Remote: Yes
Date Published: 2008-06-27
Relevant URL: http://www.securityfocus.com/bid/29981
Summary:
Cybozu Garoon is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability.

An attacker may leverage the session-fixation issue to hijack a session of an unsuspecting user. The attacker may exploit the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Cybozu Garoon 2.1.3 and prior versions are vulnerable.

7. Mozilla Firefox Malformed JPEG File Denial of Service Vulnerability
BugTraq ID: 29984
Remote: Yes
Date Published: 2008-06-27
Relevant URL: http://www.securityfocus.com/bid/29984
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

This issue affects Firefox 3 running on Ubuntu Linux 8.04; other versions running on different platforms may also be affected.

8. Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution Vulnerability
BugTraq ID: 29988
Remote: Yes
Date Published: 2008-06-27
Relevant URL: http://www.securityfocus.com/bid/29988
Summary:
Sun Java System Access Manager is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the Access Manager application.

9. Linux kernel 'sctp_getsockopt_local_addrs_old()' function Local Buffer Overflow Vulnerability
BugTraq ID: 29990
Remote: No
Date Published: 2008-06-27
Relevant URL: http://www.securityfocus.com/bid/29990
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of the issue, arbitrary code execution may also be possible, but this has not been confirmed.

10. Wireshark 1.0.0 Multiple Vulnerabilities
BugTraq ID: 30020
Remote: Yes
Date Published: 2008-06-30
Relevant URL: http://www.securityfocus.com/bid/30020
Summary:
Wireshark is prone to multiple vulnerabilities, including an information-disclosure issue and denial-of-service issues.

Exploiting these issues may allow attackers to obtain potentially sensitive information, cause crashes, and deny service to legitimate users of the application. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.5 up to and including 1.0.0.

11. HP System Management Homepage (SMH) for Linux and Windows Cross Site Scripting Vulnerability
BugTraq ID: 30029
Remote: Yes
Date Published: 2008-07-01
Relevant URL: http://www.securityfocus.com/bid/30029
Summary:
HP System Management Homepage (SMH) is prone to a cross-site scripting vulnerability.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

SMH 2.1.10 and 2.1.11 for Linux and Windows are vulnerable.

12. DC++ Private Message Remote Denial of Service Vulnerability
BugTraq ID: 30037
Remote: Yes
Date Published: 2008-07-01
Relevant URL: http://www.securityfocus.com/bid/30037
Summary:
DC++ is prone to a remote denial-of-service vulnerability because the application fails to handle private messages properly.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects DC++ 0.706 and earlier versions.

13. Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
BugTraq ID: 30038
Remote: Yes
Date Published: 2008-07-01
Relevant URL: http://www.securityfocus.com/bid/30038
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox 2.0.0.14 and prior versions.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- upload arbitrary files to affected computers
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in Firefox 2.0.0.14 and prior versions.

Mozilla Thunderbird is affected by the issues described in Mozilla advisories MFSA 2008-21, MFSA 2008-24, and MFSA 2008-25. Please note that these issues only arise in Thunderbird when JavaScript is enabled. JavaScript is not enabled in the default installation.

14. Mercurial 'patch.py' Directory Traversal Vulnerability
BugTraq ID: 30072
Remote: Yes
Date Published: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30072
Summary:
Mercurial is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to create or overwrite arbitrary files on a computer hosting the affected application.

Mercurial 1.0.1 is vulnerable; other versions may also be affected.

15. Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
BugTraq ID: 30076
Remote: No
Date Published: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30076
Summary:
The Linux kernel is prone to multiple local denial-of-service vulnerabilities.

Attackers can exploit these issues to crash the affected kernel, denying service to legitimate users. Due to the nature of these issues, remote code execution may be possible, but that has not been confirmed.

These issues affect the Linux kernel prior to version 2.6.25.10.

16. Linux Kernel x86_64 ptrace Local Memory Corruption Vulnerability
BugTraq ID: 30077
Remote: No
Date Published: 2008-07-03
Relevant URL: http://www.securityfocus.com/bid/30077
Summary:
The Linux Kernel is prone to a memory-corruption vulnerability because it fails to properly bounds-check user-supplied input. The issue affects x86_64 ptrace and causes an overflow that subsequently results in the insecure freeing of a structure.

An attacker may exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

Linux Kernel prior to 2.6.25.10 is vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Hardening CentOS
http://www.securityfocus.com/archive/91/493893

2. BA-Con 2008 CFP - Buenos Aires, Sept. 30 / Oct. 1 (closes July 11 2008)
http://www.securityfocus.com/archive/91/493743

3. Vulnerability and Patch-Management in Linux (and other Unix)
http://www.securityfocus.com/archive/91/493478
