Thursday, October 30, 2008

SecurityFocus Linux Newsletter #413
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day.
Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.

https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Secutiy_Focus/3-1QN6MII_3-UTM2ZJ/20081015&origin_id=3-1QN6MII


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Clicking to the Past
2. The Vice of Vice Presidential E-Mail
II. LINUX VULNERABILITY SUMMARY
1. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
2. F-Secure Multiple Products RPM File Integer Overflow Vulnerability
3. Linux Kernel SCTP Protocol Violation Remote Denial of Service Vulnerability
4. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
5. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
6. Mantis 'string_api.php' Issue Number Information Disclosure Vulnerability
7. 'imlib2' Library Multiple Unspecified Vulnerabilities
8. 'libspf2' DNS TXT Record Handling Remote Buffer Overflow Vulnerability
9. Linux Kernel 'do_splice_from()' Local Security Bypass Vulnerability
10. eCryptfs Password Information Disclosure Vulnerability
11. Linux Kernel 'proc_do_xprt()' Local Buffer Overflow Vulnerability
12. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. ANNOUNCE: New iptables(8) firewall script release, many new features
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2. The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 31838
Remote: Yes
Date Published: 2008-10-20
Relevant URL: http://www.securityfocus.com/bid/31838
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.10.3 up to and including 1.0.3.

2. F-Secure Multiple Products RPM File Integer Overflow Vulnerability
BugTraq ID: 31846
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31846
Summary:
Multiple F-Secure products are prone to an integer-overflow vulnerability because the applications fail to properly handle malformed RPM files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable applications. Failed exploit attempts will likely cause denial-of-service conditions.

3. Linux Kernel SCTP Protocol Violation Remote Denial of Service Vulnerability
BugTraq ID: 31848
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31848
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle SCTP protocol violations.

Attackers can exploit this issue to cause a kernel panic, denying service to legitimate users.

Versions prior to Linux kernel 2.6.27 are vulnerable.

4. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
BugTraq ID: 31856
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31856
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities.

Successful exploits may allow attackers to obtain sensitive information or cause a denial-of-service condition.

Versions prior to DB2 9.1 Fixpak 6 are affected.

5. GNU Enscript 'src/psgen.c' Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31858
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31858
Summary:
GNU Enscript is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

GNU Enscript 1.6.1 and 1.6.4 (beta) are vulnerable; other versions may also be affected.

6. Mantis 'string_api.php' Issue Number Information Disclosure Vulnerability
BugTraq ID: 31868
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31868
Summary:
Mantis is prone to an information-disclosure vulnerability because the application fails to protect private information.

Attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.

Versions prior to Mantis 1.1.3 are vulnerable.

7. 'imlib2' Library Multiple Unspecified Vulnerabilities
BugTraq ID: 31880
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31880
Summary:
The 'imlib2' Library is prone to multiple unspecified vulnerabilities.

Very few details are available. We will update this BID as more information emerges.

These issues affect versions prior to 'imlib2' 1.4.2.

8. 'libspf2' DNS TXT Record Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 31881
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31881
Summary:
The 'libspf2' library is prone to a remote buffer-overflow vulnerability that stems from a lack of bounds checking when handling specially crafted DNS TXT records.

Remote attackers may exploit this issue to execute arbitrary code in the context of an application using a vulnerable version of the library.

Versions prior to 'libspf2' 1.2.8 are affected.

9. Linux Kernel 'do_splice_from()' Local Security Bypass Vulnerability
BugTraq ID: 31903
Remote: No
Date Published: 2008-10-24
Relevant URL: http://www.securityfocus.com/bid/31903
Summary:
The Linux kernel is prone to a local security-bypass vulnerability because the 'do_splice_from()' function fails to correctly reject file descriptors when performing certain file operations.

Attackers can exploit this issue to bypass append-mode restrictions and update arbitrary locations in a file.

Versions prior to Linux kernel 2.6.27 are vulnerable.

10. eCryptfs Password Information Disclosure Vulnerability
BugTraq ID: 31906
Remote: No
Date Published: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31906
Summary:
eCryptfs is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.

11. Linux Kernel 'proc_do_xprt()' Local Buffer Overflow Vulnerability
BugTraq ID: 31937
Remote: No
Date Published: 2008-10-27
Relevant URL: http://www.securityfocus.com/bid/31937
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Local attackers can exploit this issue to crash the affected kernel, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects Linux kernel 2.6.24-git13 through 2.6.26.4.

12. OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 31962
Remote: Yes
Date Published: 2008-10-29
Relevant URL: http://www.securityfocus.com/bid/31962
Summary:
OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files.

Remote attackers can exploit these issues by enticing victims into opening maliciously crafted EMF or WMF files.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

The issues affect OpenOffice 2 prior to 2.4.2.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. ANNOUNCE: New iptables(8) firewall script release, many new features
http://www.securityfocus.com/archive/91/497568

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP.
