Thursday, July 17, 2008

SecurityFocus Linux Newsletter #398

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. An Astonishing Collaboration
2. Bad-Code Blues
II. LINUX VULNERABILITY SUMMARY
1. Poppler PDF Rendering Library Page Class Remote Code Execution Vulnerability
2. Multiple Sophos Products MIME Attachments Denial of Service Vulnerability
3. Linux Kernel 'do_change_type()' Local Security Bypass Vulnerability
4. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
5. Sun Java Runtime Environment Virtual Machine Privilege Escalation Vulnerability
6. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
7. Sun Java Runtime Environment Multiple Security Vulnerabilities
8. Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability
9. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
10. Sun Java Web Start Multiple Vulnerabilities
11. Oracle July 2008 Critical Patch Update Multiple Vulnerabilities
12. Wireshark 1.0.1 Denial of Service Vulnerability
13. php Help Agent 'head_chat.inc.php' Local File Include Vulnerability
14. Mozilla Firefox URI Splitting Security Bypass Vulnerability
15. Afuse 'afuse.c' Shell Command Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Hardening CentOS
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

2. Bad-Code Blues
By Don Parker
The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never-ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn't made much of a dent.
http://www.securityfocus.com/columnists/476


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Poppler PDF Rendering Library Page Class Remote Code Execution Vulnerability
BugTraq ID: 30107
Remote: Yes
Date Published: 2008-07-07
Relevant URL: http://www.securityfocus.com/bid/30107
Summary:
The Poppler PDF rendering library is prone to a remote code-execution vulnerability because the software fails to properly initialize a memory pointer.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the library. Failed exploit attempts likely result in denial-of-service conditions.

Poppler 0.8.4 is vulnerable to this issue; other versions may also be affected.

2. Multiple Sophos Products MIME Attachments Denial of Service Vulnerability
BugTraq ID: 30110
Remote: Yes
Date Published: 2008-07-09
Relevant URL: http://www.securityfocus.com/bid/30110
Summary:
Multiple Sophos Products are prone to a denial-of-service vulnerability when scanning certain MIME attachments.

Attackers can leverage this issue to cause multiple terminations of the affected products and deny service to legitimate users.

NOTE: The vendor states that this issue occurs only when the applications are running on Linux or UNIX.

Sophos Email Appliance and Pure Message for UNIX instances that are using 4.30 virus data/2.74 engine are affected.

The Sophos Anti-Virus Interface (SAVI) is also affected.

3. Linux Kernel 'do_change_type()' Local Security Bypass Vulnerability
BugTraq ID: 30126
Remote: No
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30126
Summary:
The Linux kernel is prone to a local security-bypass vulnerability because the 'do_change_type()' routine fails to adequately verify user permissions before performing mountpoint type changes.

Attackers can exploit this issue to bypass security restrictions and change mountpoint types. Attackers could mark private mounts as sharable to gain access to potentially sensitive information. Other attacks are also possible.

Linux kernel 2.6.15-rc1 to 2.6.21 are vulnerable.

4. Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
BugTraq ID: 30140
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30140
Summary:
Sun Java Runtime Environment is prone to multiple unspecified vulnerabilities that allow attackers to bypass the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for Java applets.

An attacker may create a malicious applet that is loaded from a remote system to circumvent network access restrictions.

The following are affected:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.x_22 and earlier

5. Sun Java Runtime Environment Virtual Machine Privilege Escalation Vulnerability
BugTraq ID: 30141
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30141
Summary:
Sun Java Runtime Environment Virtual Machine is prone to a privilege-escalation vulnerability when running untrusted applications or applets.

Successful exploits may allow attackers to read, write, or execute arbitrary local files in the context of the user running an untrusted application in the affected virtual machine. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier

6. Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
BugTraq ID: 30143
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30143
Summary:
Sun Java Runtime Environment is prone to multiple remote vulnerabilities.

An attacker can exploit these issues to obtain sensitive information or crash the affected application, denying service to legitimate users.

These issues affect the following versions on Solaris, Linux, and Windows platforms:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier

7. Sun Java Runtime Environment Multiple Security Vulnerabilities
BugTraq ID: 30144
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30144
Summary:
A privilege-escalation issue and an information-disclosure issue affect multiple implementations of Java Runtime Environment (JRE).

Sun has released an advisory addressing these vulnerabilities in the following software:

JDK and JRE 6 Update 6 and earlier

8. Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access Vulnerability
BugTraq ID: 30146
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30146
Summary:
JMX is prone to an unspecified unauthorized-access vulnerability.

The vulnerability allows a JMX client to perform unauthorized actions on a computer running JMX with local monitoring enabled.

The issue affects the following versions for Windows, Solaris, and Linux:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier

9. Sun Java Runtime Environment Font Processing Buffer Overflow Vulnerability
BugTraq ID: 30147
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30147
Summary:
Sun Java Runtime Environment is prone to a buffer-overflow vulnerability when running untrusted applications or applets.

Successful exploits may allow attackers to read, write, or execute arbitrary local files in the context of the user running an untrusted application. This may result in a compromise of the underlying system.

This issue affects the following versions on Solaris, Windows, and Linux:

JDK and JRE 5.0 Update 9 and earlier
SDK and JRE 1.4.2_17 and earlier
SDK and JRE 1.3.1_22 and earlier

10. Sun Java Web Start Multiple Vulnerabilities
BugTraq ID: 30148
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30148
Summary:
Sun Java Web Start is prone to multiple vulnerabilities, including buffer-overflow, privilege-escalation, and information-disclosure issues.

Successful exploits may allow attackers to execute arbitrary code, obtain information, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier

11. Oracle July 2008 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 30177
Remote: Yes
Date Published: 2008-07-10
Relevant URL: http://www.securityfocus.com/bid/30177
Summary:
Oracle has released the July 2008 Critical Patch Update that addresses 44 new vulnerabilities affecting the following products:

Oracle Database
Oracle TimesTen In-Memory Database
Oracle Application Server
Oracle E-Business Suite and Application
Oracle Enterprise Manager
Oracle PeopleSoft Enterprise
Oracle BEA Products

12. Wireshark 1.0.1 Denial of Service Vulnerability
BugTraq ID: 30181
Remote: Yes
Date Published: 2008-07-10
Relevant URL: http://www.securityfocus.com/bid/30181
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause crashes and deny service to legitimate users of the application.

This issue affects Wireshark 0.8.19 to 1.0.1.

13. php Help Agent 'head_chat.inc.php' Local File Include Vulnerability
BugTraq ID: 30240
Remote: Yes
Date Published: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/30240
Summary:
'php Help Agent' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.

14. Mozilla Firefox URI Splitting Security Bypass Vulnerability
BugTraq ID: 30242
Remote: Yes
Date Published: 2008-07-15
Relevant URL: http://www.securityfocus.com/bid/30242
Summary:
Mozilla Firefox is prone to a security-bypass vulnerability because of a design error.

Exploiting this issue could allow an attacker to bypass certain security restrictions and launch restricted URIs. Specifically, the attacker could use external applications to launch 'chrome:' URIs or to pass certain URIs to Firefox that would normally be handled by a vector application.

The issue affects Firefox 3.0 and versions prior to 2.0.0.16.

15. Afuse 'afuse.c' Shell Command Injection Vulnerability
BugTraq ID: 30245
Remote: No
Date Published: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30245
Summary:
Afuse is prone to a command-injection vulnerability.

Attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the affected application.

Afuse 2.0-2 is vulnerable; prior versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Hardening CentOS
http://www.securityfocus.com/archive/91/493893

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com
