Thursday, November 13, 2008

SecurityFocus Linux Newsletter #414

This issue is sponsored by IronKey:

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Clicking to the Past
2. The Vice of Vice Presidential E-Mail
II. LINUX VULNERABILITY SUMMARY
1. Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability
2. htop Hidden Process Name Input Filtering Vulnerability
3. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
4. Linux Kernel 'hfsplus_block_allocate()' Local Denial of Service Vulnerability
5. Linux Kernel VDSO Unspecified Privilege Escalation Vulnerability
6. Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
7. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
8. libcdaudio 'cddb.c' Remote Heap Buffer Overflow Vulnerability
9. Adobe Flash Player Multiple Security Vulnerabilities
10. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
11. cluster Multiple Insecure Temporary File Creation Vulnerabilities
12. MoinMoin Cross-Site Scripting and Information Disclosure Vulnerabilities
13. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
14. Yosemite Backup 'DtbClsLogin()' Remote Buffer Overflow Vulnerability
15. Trend Micro ServerProtect Multiple Remote Vulnerabilities
16. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
17. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2. The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability
BugTraq ID: 30035
Remote: Yes
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/30035
Summary:
Adobe Reader is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

2. htop Hidden Process Name Input Filtering Vulnerability
BugTraq ID: 32081
Remote: No
Date Published: 2008-11-03
Relevant URL: http://www.securityfocus.com/bid/32081
Summary:
The 'htop' program is prone to an input-filtering vulnerability that can result in hidden process names.

An attacker can exploit this issue to hide potentially malicious processes, resulting in a false sense of security. This may also aid in launching further attacks against the underlying shell.

This issue affects htop 0.7; other versions may also be affected.

3. Linux Kernel 'hfsplus_find_cat()' Local Denial of Service Vulnerability
BugTraq ID: 32093
Remote: No
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/32093
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.28-rc1.

4. Linux Kernel 'hfsplus_block_allocate()' Local Denial of Service Vulnerability
BugTraq ID: 32096
Remote: No
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/32096
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly check return values before proceeding with further operations.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.28-rc1.

5. Linux Kernel VDSO Unspecified Privilege Escalation Vulnerability
BugTraq ID: 32099
Remote: No
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/32099
Summary:
The Linux Kernel is prone to a local privilege-escalation vulnerability.

A local attacker may exploit this issue to gain elevated privileges or to create a denial-of-service condition.

Versions prior to the Linux kernel 2.6.20-git5 are vulnerable.

6. Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
BugTraq ID: 32100
Remote: Yes
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/32100
Summary:
Adobe Acrobat and Reader are prone to multiple security vulnerabilities:

1. Multiple remote code-execution vulnerabilities.
2. A privilege-escalation vulnerability affecting computers running Unix-like operating systems.
3. An input-validation issue in a JavaScript method may lead to remote code execution.

Attackers can exploit these issues to execute arbitrary code, elevate privileges, or cause a denial-of-service condition.

7. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 32105
Remote: Yes
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/32105
Summary:
NOS Microsystems getPlus Download Manager ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

The following applications use the getPlus Download Manager:

Adobe Acrobat Professional
Adobe Acrobat Reader

getPlus Download Manager 1.2.2.50 is vulnerable; other versions may also be affected.

8. libcdaudio 'cddb.c' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 32122
Remote: Yes
Date Published: 2008-11-05
Relevant URL: http://www.securityfocus.com/bid/32122
Summary:
The 'libcdaudio' library is prone to a remote heap buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions.

This issue affects libcdaudio 0.99.12p2; other versions may also be affected. Additional applications that use this library may also be vulnerable.

9. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 32129
Remote: Yes
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32129
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication credentials, control how webpages are rendered, or execute arbitrary script code in the context of the application. Other attacks may also be possible.

These issues affect Flash Player 9.0.124.0 and prior versions.

10. Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
BugTraq ID: 32154
Remote: No
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32154
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

The Linux kernel 2.6.26 and prior versions are affected.

11. cluster Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 32179
Remote: No
Date Published: 2008-11-07
Relevant URL: http://www.securityfocus.com/bid/32179
Summary:
Multiple components of the 'cluster' program may allow attackers to create temporary files in an insecure manner.

An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

These issues affect versions prior to cluster 2.03.09.

12. MoinMoin Cross-Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 32208
Remote: Yes
Date Published: 2008-11-09
Relevant URL: http://www.securityfocus.com/bid/32208
Summary:
MoinMoin is prone to cross-site scripting and information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or other sensitive information and to launch other attacks.

MoinMoin 1.5.9 and 1.8.0 are vulnerable; other versions may also be affected.

13. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
BugTraq ID: 32232
Remote: Yes
Date Published: 2008-11-10
Relevant URL: http://www.securityfocus.com/bid/32232
Summary:
GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users may feel a false sense of security, which can aid attackers in launching further attacks.

Versions prior to GnuTLS 2.6.1 are vulnerable.

14. Yosemite Backup 'DtbClsLogin()' Remote Buffer Overflow Vulnerability
BugTraq ID: 32246
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32246
Summary:
Yosemite Backup is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

NOTE: Reportedly, successful exploits allow remote code execution on Linux systems and denial of service on Windows systems.

Yosemite Backup 8.70 is vulnerable; other versions may also be affected.

15. Trend Micro ServerProtect Multiple Remote Vulnerabilities
BugTraq ID: 32261
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32261
Summary:
Trend Micro ServerProtect is prone to multiple remote vulnerabilities, including an authentication bypass vulnerability and multiple heap-based buffer-overflow vulnerabilities.

Few technical details are currently available. We will update this BID as more information emerges.

Successfully exploiting the buffer-overflow issues may allow the attacker to execute arbitrary code with SYSTEM-level privileges or crash the affected application, denying service to legitimate users. Successfully exploiting the authentication-bypass vulnerability will allow the attacker administrative access to the vulnerable application.

Trend Micro ServerProtect versions 5.58 and 5.7 are vulnerable; additional versions may also be affected.

16. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32281
Remote: Yes
Date Published: 2008-11-13
Relevant URL: http://www.securityfocus.com/bid/32281
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird and SeaMonkey.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in the following applications:

- Mozilla Firefox 3.0.3 and prior
- Mozilla Firefox 2.0.0.17 and prior
- Mozilla Thunderbird 2.0.0.17 and prior
- Mozilla SeaMonkey 1.1.13 and prior

17. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
BugTraq ID: 32289
Remote: No
Date Published: 2008-11-13
Relevant URL: http://www.securityfocus.com/bid/32289
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.27.6.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------