Thursday, November 20, 2008

SecurityFocus Linux Newsletter #415


This issue is Sponsored by Symantec

Symantec NetBackup Design Best Practices with Data Domain
This white paper walks you through how Data Domain integrates with NBU, including planning and sizing considerations, operational considerations, offsite replication, and other integration basics so you can get the most out of this powerful solution.
http://dinclinx.com/Redirect.aspx?36;2173;45;189;0;10;259;46b98cc7718e4a7c


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Microsoft's Stance on Piracy Affects Us All
2. Clicking to the Past
II. LINUX VULNERABILITY SUMMARY
1. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
2. Yosemite Backup 'DtbClsLogin()' Remote Buffer Overflow Vulnerability
3. Trend Micro ServerProtect Multiple Remote Vulnerabilities
4. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
5. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
6. Ubuntu vm-builder Local Security Bypass Vulnerability
7. OpenSSH CBC Mode Information Disclosure Vulnerability
8. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
9. Linux Kernel 'drivers/media/video/tvaudio.c' Memory Corruption Vulnerability
10. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
11. No-IP Dynamic Update Client for Linux Remote Buffer Overflow Vulnerability
12. Mozilla Firefox Arbitrary Image Cross Domain Security Bypass Vulnerability
13. 'imlib2' Library 'load()' Function Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Microsoft's Stance on Piracy Affects Us All
By Oliver Day
For the last few years, Microsoft has wrestled with their stance on piracy. Pirated operating systems are just like legitimate operating systems in terms of their exposure to vulnerabilities: Users must install patches or they will be compromised.
http://www.securityfocus.com/columnists/484

2. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
BugTraq ID: 32232
Remote: Yes
Date Published: 2008-11-10
Relevant URL: http://www.securityfocus.com/bid/32232
Summary:
GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users may be under a false sense of security that can aid attackers in launching further attacks.

Versions prior to GnuTLS 2.6.1 are vulnerable.

2. Yosemite Backup 'DtbClsLogin()' Remote Buffer Overflow Vulnerability
BugTraq ID: 32246
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32246
Summary:
Yosemite Backup is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application or cause a denial-of-service condition.

NOTE: Reports indicate that successful exploits allow remote code execution on Linux systems and denial of service on Windows systems.

Yosemite Backup 8.70 is vulnerable; other versions may also be affected.

3. Trend Micro ServerProtect Multiple Remote Vulnerabilities
BugTraq ID: 32261
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32261
Summary:
Trend Micro ServerProtect is prone to multiple remote vulnerabilities, including an authentication-bypass issue and multiple heap-based buffer-overflow issues.

Few technical details are currently available. We will update this BID as more information emerges.

Successfully exploiting the buffer-overflow issues may allow an attacker to execute arbitrary code with SYSTEM-level privileges or crash the affected application, denying service to legitimate users. Successfully exploiting the authentication-bypass vulnerability will allow the attacker administrative access to the vulnerable application.

Trend Micro ServerProtect 5.58 and 5.7 are vulnerable; additional versions may also be affected.

4. Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
BugTraq ID: 32281
Remote: Yes
Date Published: 2008-11-13
Relevant URL: http://www.securityfocus.com/bid/32281
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Exploiting these issues can allow attackers to:

- steal authentication credentials
- obtain potentially sensitive information
- violate the same-origin policy
- execute scripts with elevated privileges
- cause denial-of-service conditions
- execute arbitrary code

Other attacks are also possible.

These issues are present in the following applications:

Firefox 3.0.3 and prior
Firefox 2.0.0.17 and prior
Thunderbird 2.0.0.17 and prior
SeaMonkey 1.1.12 and prior

5. Linux Kernel 'hfs_cat_find_brec()' Local Denial of Service Vulnerability
BugTraq ID: 32289
Remote: No
Date Published: 2008-11-13
Relevant URL: http://www.securityfocus.com/bid/32289
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability because it fails to properly bounds-check data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

This issue affects versions prior to Linux kernel 2.6.27.6.

6. Ubuntu vm-builder Local Security Bypass Vulnerability
BugTraq ID: 32292
Remote: No
Date Published: 2008-11-13
Relevant URL: http://www.securityfocus.com/bid/32292
Summary:
Ubuntu 'vm-builder' is prone to a local security-bypass vulnerability.

Successful exploits may allow unauthorized attackers to gain root access on the virtual machine by predicting the password.

This issue affects the following releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

7. OpenSSH CBC Mode Information Disclosure Vulnerability
BugTraq ID: 32319
Remote: Yes
Date Published: 2008-11-14
Relevant URL: http://www.securityfocus.com/bid/32319
Summary:
OpenSSH is prone to an information-disclosure vulnerability.

Successful exploits will allow attackers to obtain four bytes of plaintext from an encrypted session.

OpenSSH 4.7p1 is vulnerable; other versions may also be affected. Various versions of SSH Tectia are also affected.

8. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Date Published: 2008-11-17
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

9. Linux Kernel 'drivers/media/video/tvaudio.c' Memory Corruption Vulnerability
BugTraq ID: 32327
Remote: No
Date Published: 2008-11-15
Relevant URL: http://www.securityfocus.com/bid/32327
Summary:
The Linux kernel is prone to a memory-corruption vulnerability because of insufficient boundary checks.

A successful attack may cause the affected kernel to crash, effectively denying service to legitimate users. The attacker may also be able to execute arbitrary code, but this has not been confirmed.

This issue affects versions prior to the Linux kernel 2.6.28-rc5.

10. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Date Published: 2008-11-17
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

11. No-IP Dynamic Update Client for Linux Remote Buffer Overflow Vulnerability
BugTraq ID: 32344
Remote: Yes
Date Published: 2008-11-18
Relevant URL: http://www.securityfocus.com/bid/32344
Summary:
No-IP Dynamic Update Client (DUC) is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check input messages.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

DUC 2.1.7 for Linux is vulnerable; other versions may also be affected.

12. Mozilla Firefox Arbitrary Image Cross Domain Security Bypass Vulnerability
BugTraq ID: 32351
Remote: Yes
Date Published: 2008-11-18
Relevant URL: http://www.securityfocus.com/bid/32351
Summary:
Mozilla Firefox is prone to a cross-domain security-bypass vulnerability that can allow an attacker to bypass the same-origin policy.

The attacker can exploit this issue to access arbitrary images from other domains.

Versions prior to Firefox 2.0.0.18 are vulnerable.

NOTE: This issue was previously included in BID 32281 'Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities', but has been given its own record to better document the issue.

13. 'imlib2' Library 'load()' Function Buffer Overflow Vulnerability
BugTraq ID: 32371
Remote: Yes
Date Published: 2008-11-14
Relevant URL: http://www.securityfocus.com/bid/32371
Summary:
The 'imlib2' library is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data.

An attacker can exploit this issue to execute arbitrary machine code in the context of applications using the vulnerable library. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects imlib2 1.4.2; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by Symantec
