Monday, August 18, 2008

SecurityFocus Linux Newsletter #402


This issue is sponsored by Offensive Security

From one of the creators of BackTrack comes a series of intense, 5-day, live training sessions that will change the way you view security.
No more theory, no more talking - these hands-on classes will not just discuss why but will show you HOW.
Join the Offensive Security training team for some of the best security training in the market today.
http://www.offensive-security.com/seccourse.php


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. An Astonishing Collaboration
2. Bad-Code Blues
II. LINUX VULNERABILITY SUMMARY
1. Ruby Multiple Security Bypass and Denial of Service Vulnerabilities
2. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
3. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
4. Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability
5. HP Linux Imaging and Printing System Privilege Escalation And Denial Of Service Vulnerabilities
6. Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
7. Red Hat yum-rhn-plugin RHN Updates Denial of Service Vulnerability
8. xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
9. mktemp Predictable Temporary Filename Vulnerability
10. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
11. EchoVNC Remote Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. root shell auditing
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

2. Bad-Code Blues
By Don Parker
The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn't made much of a dent.
http://www.securityfocus.com/columnists/476


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Ruby Multiple Security Bypass and Denial of Service Vulnerabilities
BugTraq ID: 30644
Remote: Yes
Date Published: 2008-08-11
Relevant URL: http://www.securityfocus.com/bid/30644
Summary:
Ruby is prone to multiple vulnerabilities that can be leveraged to bypass security restrictions or cause a denial of service. These issues include:

- Multiple security-bypass vulnerabilities due to errors in 'safe level' restriction implementation. These issues can be leveraged to make insecure function calls and perform 'Syslog' operations.

- An error affecting 'WEBrick::HTTP::DefaultFileHandler' can exhaust system resources and deny service to legitimate users.

- A flaw in 'dl' that can allow attackers to call unauthorized functions.

Attackers can exploit these issues to perform unauthorized actions on affected applications. This may aid in compromising the application and possibly the underlying computers. Attackers can also cause denial-of-service conditions.

These issues affect Ruby 1.8.5, 1.8.6-p286, 1.8.7-p71, and 1.9 r18423. Prior versions are also vulnerable.

2. Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability
BugTraq ID: 30647
Remote: No
Date Published: 2008-08-11
Relevant URL: http://www.securityfocus.com/bid/30647
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting the VFS behavior in UBIFS (UBI File System).

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

3. Amarok 'MagnatuneBrowser::listDownloadComplete()' Insecure Temporary File Creation Vulnerability
BugTraq ID: 30662
Remote: No
Date Published: 2008-08-12
Relevant URL: http://www.securityfocus.com/bid/30662
Summary:
A report indicates that Amarok may create temporary files in an insecure manner. These findings have not yet been corroborated.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

Amarok 1.4.9.1 is affected; other versions may also be vulnerable.

4. Sun Java System Web Proxy Server FTP Subsystem Denial of Service Vulnerability
BugTraq ID: 30671
Remote: Yes
Date Published: 2008-08-12
Relevant URL: http://www.securityfocus.com/bid/30671
Summary:
Sun Java System Web Proxy Server is prone to a denial-of-service vulnerability caused by an unspecified error in the FTP subsystem.

An unprivileged attacker can exploit this issue to prevent the proxy server from accepting new connections, resulting in denial-of-service conditions.

This issue affects Sun Java System Web Proxy Server 4.0 through 4.0.5 for SPARC, x86, Linux, Windows and HP-UX platforms.

5. HP Linux Imaging and Printing System Privilege Escalation And Denial Of Service Vulnerabilities
BugTraq ID: 30683
Remote: No
Date Published: 2008-08-12
Relevant URL: http://www.securityfocus.com/bid/30683
Summary:
HP Linux Imaging and Printing System (HPLIP) is prone to multiple vulnerabilities, including privilege-escalation and denial-of-service issues.

Exploiting the privilege-escalation vulnerability may allow attackers to perform certain actions with elevated privileges. Successful exploits of the denial-of-service issue will cause the 'hpssd' process to crash, denying service to legitimate users.

These issues affect HPLIP 1.6.7; other versions may also be affected.

6. Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
BugTraq ID: 30691
Remote: No
Date Published: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30691
Summary:
Postfix is prone to a local privilege-escalation vulnerability and a local information-disclosure vulnerability.

Local attackers can exploit these issues to read other users' mail or execute arbitrary commands with superuser privileges.

Versions prior to Postfix 2.5.4 Patchlevel 4 are vulnerable.

7. Red Hat yum-rhn-plugin RHN Updates Denial of Service Vulnerability
BugTraq ID: 30695
Remote: Yes
Date Published: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30695
Summary:
The Red Hat yum-rhn-plugin is prone to a denial-of-service vulnerability because it fails to adequately validate communication with Red Hat Network (RHN) servers.

Attackers can exploit this issue to prevent users from accessing security updates. This can provide a window of opportunity for an attacker to exploit a vulnerability addressed by a security update.

NOTE: This issue cannot be leveraged to install malicious packages because package signatures are still verified prior to installation.

8. xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 30698
Remote: Yes
Date Published: 2008-08-14
Relevant URL: http://www.securityfocus.com/bid/30698
Summary:
The 'xine-lib' library is prone to multiple remote buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library. Failed attacks will cause denial-of-service conditions.

Versions of 'xine-lib' prior to 1.1.15 are affected.

9. mktemp Predictable Temporary Filename Vulnerability
BugTraq ID: 30701
Remote: No
Date Published: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30701
Summary:
mktemp may create temporary files with names based on the current process ID. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Attackers may be able to gain elevated privileges.

This vulnerability exists in Todd Miller's mktemp 1.5; other versions may also be vulnerable. GNU coreutils mktemp is not currently believed to be vulnerable.

10. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
BugTraq ID: 30704
Remote: Yes
Date Published: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30704
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.17-rc1 are vulnerable.

11. EchoVNC Remote Buffer Overflow Vulnerability
BugTraq ID: 30722
Remote: Yes
Date Published: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30722
Summary:
EchoVNC is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied data before copying it into insufficiently sized buffers.

An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects EchoVNC for Linux versions prior to 1.1.2.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. root shell auditing
http://www.securityfocus.com/archive/91/494849

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Offensive Security

From one of the creators of BackTrack comes a series of intense, 5-day, live training sessions that will change the way you view security.
No more theory, no more talking - these hands-on classes will not just discuss why but will show you HOW.
Join the Offensive Security training team for some of the best security training in the market today.
http://www.offensive-security.com/seccourse.php
