News

Monday, August 25, 2008

SecurityFocus Linux Newsletter #403

This issue is sponsored by IronKey: The World's Most Secure Flash Drive

You can now initiate and utilize IronKey flash drives on Linux operating systems based on kernel 2.6 and above.
IronKey uses military-grade AES hardware encryption and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Get Off My Cloud
2. An Astonishing Collaboration
II. LINUX VULNERABILITY SUMMARY
1. RETIRED: mktemp Predictable Temporary Filename Vulnerability
2. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
3. VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability
4. EchoVNC Remote Buffer Overflow Vulnerability
5. libxml2 Recursive Entity Remote Denial of Service Vulnerability
6. Red Hat OpenSSH Backdoor Vulnerability
7. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
8. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
9. GPicView Multiple Local Security Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. RETIRED: mktemp Predictable Temporary Filename Vulnerability
BugTraq ID: 30701
Remote: No
Date Published: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30701
Summary:
mktemp may create temporary files with names based on the current process ID. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Attackers may be able to gain elevated privileges.

This vulnerability exists in Todd Miller's mktemp 1.5; other versions may also be vulnerable. GNU coreutils mktemp is not currently believed to be vulnerable.

Update 18/08/2008: This issue is retired, as the temporary file is created with 'O_EXCL'; as a result this issue is not exploitable. Attacks may be possible when mktemp is called with the '-u' option, however this is documented as an unsafe mode. Any exploitable use of this script would be a vulnerability in 3rd party scripts, not in 'mktemp' itself.

2. Linux Kernel 'dccp_setsockopt_change()' Remote Denial of Service Vulnerability
BugTraq ID: 30704
Remote: Yes
Date Published: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30704
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions since Linux kernel 2.6.17-rc1 are vulnerable.

3. VLC Media Player 'demux\tta.c' TTA File Handling Buffer Overflow Vulnerability
BugTraq ID: 30718
Remote: Yes
Date Published: 2008-08-16
Relevant URL: http://www.securityfocus.com/bid/30718
Summary:
VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6i is vulnerable; other versions may also be affected.

4. EchoVNC Remote Buffer Overflow Vulnerability
BugTraq ID: 30722
Remote: Yes
Date Published: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30722
Summary:
EchoVNC is affected by a remote buffer-overflow vulnerability because the application fails to properly validate user-supplied data before copying it into insufficiently sized buffers.

An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the user running the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects EchoVNC for Linux versions prior to 1.1.2.

5. libxml2 Recursive Entity Remote Denial of Service Vulnerability
BugTraq ID: 30783
Remote: Yes
Date Published: 2008-08-21
Relevant URL: http://www.securityfocus.com/bid/30783
Summary:
The libxml2 library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

6. Red Hat OpenSSH Backdoor Vulnerability
BugTraq ID: 30794
Remote: Yes
Date Published: 2008-08-22
Relevant URL: http://www.securityfocus.com/bid/30794
Summary:
OpenSSH running on Red Hat operating systems is prone to a backdoor vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to download and install a malicious OpenSSH package from a compromised Red Hat software repository or from mirrors that replicated the malicious packages. Successfully exploiting this issue will compromise the affected computer.

This issue affects OpenSSH running on the following operating systems:

Red Hat Enterprise Linux 4 i386
Red Hat Enterprise Linux 4 x86_64
Red Hat Enterprise Linux 5 x86_64

7. Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
BugTraq ID: 30795
Remote: Yes
Date Published: 2008-08-19
Relevant URL: http://www.securityfocus.com/bid/30795
Summary:
Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Vim 7.2 is vulnerable; other versions may also be affected.

8. VLC Media Player 'mmstu.c' MMS Protocol Handling Buffer Overflow Vulnerability
BugTraq ID: 30806
Remote: Yes
Date Published: 2008-08-24
Relevant URL: http://www.securityfocus.com/bid/30806
Summary:
VLC media player is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VLC media player 0.8.6i is vulnerable; other versions may also be affected.

9. GPicView Multiple Local Security Vulnerabilities
BugTraq ID: 30819
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30819
Summary:
GPicView is affected by multiple local security vulnerabilities. These issues include creating insecure temporary files, and two vulnerabilities that may allow attackers to overwrite arbitrary files. These issues arise due to a design error that permits files to be saved without user verification.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of the user running the application.

GPicView 0.1.9 is vulnerable; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey: The World's Most Secure Flash Drive

You can now initiate and utilize IronKey flash drives on Linux operating systems based on kernel 2.6 and above.
IronKey uses military-grade AES hardware encryption and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2
