Thursday, October 09, 2008

SecurityFocus Linux Newsletter #410
----------------------------------------

This issue is Sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Vice of Vice Presidential E-Mail
2. Blaming the Good Samaritan
II. LINUX VULNERABILITY SUMMARY
1. JasPer 1.900.1 Multiple Vulnerabilities
2. pam_krb5 Existing Ticket Configuration Option Local Privilege Escalation Vulnerability
3. Fedora 8/9 Linux Kernel 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability
4. libxml2 Denial of Service Vulnerability
5. Linux Kernel LDT Selector Local Privilege Escalation and Denial of Service Vulnerability
6. Linux Kernel 'generic_file_splice_write()' Local Privilege Escalation Vulnerability
7. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
8. Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability
9. Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
10. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
11. Condor Prior to 7.0.5 Multiple Security Vulnerabilities
12. Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability
13. Drupal Multiple Modules Security Bypass Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Vice of Vice Presidential E-Mail
By Mark Rasch
Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
http://www.securityfocus.com/columnists/482

2. Blaming the Good Samaritan
By Houston Carr
In the early 1990s, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley, whom I'll refer to as "the supervisor," told a story of young hackers, whom he referred to as the Urchins
http://www.securityfocus.com/columnists/481


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. JasPer 1.900.1 Multiple Vulnerabilities
BugTraq ID: 31470
Remote: Yes
Date Published: 2008-09-29
Relevant URL: http://www.securityfocus.com/bid/31470
Summary:
JasPer is prone to multiple vulnerabilities, including a buffer-overflow vulnerability, a temporary file race condition, and multiple integer-overflow vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the software. Failed exploit attempts are likely to cause denial-of-service conditions.

JasPer 1.900.1 is vulnerable; other versions may also be affected.

2. pam_krb5 Existing Ticket Configuration Option Local Privilege Escalation Vulnerability
BugTraq ID: 31534
Remote: No
Date Published: 2008-10-02
Relevant URL: http://www.securityfocus.com/bid/31534
Summary:
The 'pam_krb5' module is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges on the affected computer.

3. Fedora 8/9 Linux Kernel 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 31536
Remote: No
Date Published: 2008-10-02
Relevant URL: http://www.securityfocus.com/bid/31536
Summary:
The Fedora 8 and 9 Linux kernels are prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Note that this issue does not affect upstream kernel versions. Only the following Fedora distributions are affected:

Fedora 8 prior to kernel-2.6.26.5-28
Fedora 9 prior to kernel-2.6.26.5-45

4. libxml2 Denial of Service Vulnerability
BugTraq ID: 31555
Remote: Yes
Date Published: 2008-10-02
Relevant URL: http://www.securityfocus.com/bid/31555
Summary:
The libxml2 library is prone to a denial-of-service vulnerability caused by an error when handling files using entities in entity definitions.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

The issue affects libxml2 2.7 prior to 2.7.2.

5. Linux Kernel LDT Selector Local Privilege Escalation and Denial of Service Vulnerability
BugTraq ID: 31565
Remote: No
Date Published: 2008-10-03
Relevant URL: http://www.securityfocus.com/bid/31565
Summary:
The Linux kernel is prone to a local vulnerability that may result in privilege escalation or a denial of service. This issue involves LDT (Local Descriptor Table) selectors in the VMI (Virtual Machine Interface).

Successfully exploiting this issue allows local attackers to trigger kernel crashes, denying service to legitimate users. Attackers can also use LDT selector functions to gain elevated privileges. This can result in the complete compromise of the VMI guest.

Versions prior to the Linux kernel 2.6.27-rc8-git5 running as a VMI guest are vulnerable.

6. Linux Kernel 'generic_file_splice_write()' Local Privilege Escalation Vulnerability
BugTraq ID: 31567
Remote: No
Date Published: 2008-10-03
Relevant URL: http://www.securityfocus.com/bid/31567
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability related to the 'generic_file_splice_write()' function.

Local attackers can exploit this issue to gain superuser privileges. Successful exploits will result in the complete compromise of the computer.

Versions prior to Linux kernel 2.6.19-rc3 are vulnerable.

7. Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
BugTraq ID: 31587
Remote: Yes
Date Published: 2008-10-05
Relevant URL: http://www.securityfocus.com/bid/31587
Summary:
Dovecot is prone to multiple security-bypass vulnerabilities affecting the ACL plugin.

Attackers can exploit these issues to bypass certain mailbox restrictions and obtain potentially sensitive data; other attacks are also possible.

These issues affect versions prior to Dovecot 1.1.4.

8. Lighttpd URI Rewrite/Redirect Information Disclosure Vulnerability
BugTraq ID: 31599
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31599
Summary:
Lighttpd is prone to an information-disclosure vulnerability because it performs redirect operations on URIs before decoding them.

Attackers can exploit this issue to bypass expected filters or rewrite rules and may gain unauthorized access to certain resources. Other attacks may also be possible.

Versions prior to Lighttpd 1.4.20 are vulnerable.

9. Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
BugTraq ID: 31600
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31600
Summary:
The 'lighttpd' program is prone to a security-bypass vulnerability that occurs in the 'mod_userdir' module.

Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive information. This may lead to other attacks.

Versions prior to 'lighttpd' 1.4.20 are vulnerable.

10. PHP FastCGI Module File Extension Denial Of Service Vulnerabilities
BugTraq ID: 31612
Remote: Yes
Date Published: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31612
Summary:
PHP is prone to a denial-of-service vulnerability because the application fails to handle certain file requests.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

PHP 4.4 prior to 4.4.9 and PHP 5.2 through 5.2.6 are vulnerable.

11. Condor Prior to 7.0.5 Multiple Security Vulnerabilities
BugTraq ID: 31621
Remote: Yes
Date Published: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31621
Summary:
Condor is prone to multiple vulnerabilities, including:

- A privilege-escalation issue related to job submission
- A stack-based buffer-overflow vulnerability in 'cron-schedd'
- A denial-of-service vulnerability in 'cron-schedd'
- An access-validation vulnerability

These issues affect versions prior to Condor 7.0.5.

12. Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service Vulnerability
BugTraq ID: 31634
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31634
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle mismatched SCTP AUTH extension settings between peers.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions prior to Linux kernel 2.6.27-rc6-git6 are vulnerable.

13. Drupal Multiple Modules Security Bypass Vulnerabilities
BugTraq ID: 31660
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31660
Summary:
Multiple Drupal modules are prone to security-bypass vulnerabilities that may allow attackers to gain access to administrative or sensitive areas of the application without the appropriate privileges.

These issues affect versions prior to the following module releases:

- Live module 6.x before version 6.x-1.0
- AJAX Picture Preview module 6.x before version 6.x-1.2
- Admin:hover module 6.x-1.x-dev before 2008-Oct-08
- Banner Rotor Module before version 6.x-1.3
- Creative Commons Lite module 6.x before version 6.x-1.1
- Keyboard shortcut utility module 6.x before version 6.x-1.1
- LiveJournal CrossPoster module 6.x before version 6.x-1.4
- Taxonomy import/export via XML module 6.x before version 6.x-1.2
- User Referral module 6.x-1.x-dev before 2008-Oct-08

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r
