Friday, December 12, 2008

SecurityFocus Linux Newsletter #418

This issue is sponsored by Ironkey: The World's Most Secure Flash Drive

You can now initiate and utilize IronKey flash drives on Linux operating systems based on kernel 2.6 and above.
IronKey uses military-grade AES hardware encryption and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a?cmpid=701500000006y9H


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Exclude Bad ISPs
2. Standing on Other's Shoulders
II. LINUX VULNERABILITY SUMMARY
1. SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
2. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
3. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
4. Ubuntu Privacy Remix S/ATA-Disks Security Bypass Vulnerability
5. RSyslog '$AllowedSender' Configuration Directive Security Bypass Vulnerability
6. Linux Kernel 'parisc_show_stack()' Local Denial of Service Vulnerability
7. Novell Netware ApacheAdmin Security Bypass Vulnerability
8. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
9. Vinagre 'vinagre_utils_show_error()' Function Format String Vulnerability
10. Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
11. Linux Kernel MIPS Untrusted User Application Local Denial of Service Vulnerability
12. PHP 'proc_open()' Environment Parameter Safe Mode Restriction-Bypass Vulnerability
13. Avast! Linux Home Edition ISO and RPM File Multiple Buffer Overflow Vulnerabilities
14. Sophos Antivirus For Linux Multiple File Processing Remote Denial Of Service Vulnerabilities
15. AVG Anti-Virus For Linux UPX File Parsing Denial of Service Vulnerability
16. BitDefender Antivirus For Linux Multiple File Processing Remote Denial Of Service Vulnerabilities
17. F-Prot Antivirus for Linux ELF File Scanning Denial of Service Vulnerability
18. Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline, resulting in noticeable drops in malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Isaac Newton once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
BugTraq ID: 32603
Remote: Yes
Date Published: 2008-12-03
Relevant URL: http://www.securityfocus.com/bid/32603
Summary:
SquirrelMail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The vulnerability affects SquirrelMail 1.4.16; other versions may also be affected.
http://drupal.org/node/207891

2. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 32608
Remote: Yes
Date Published: 2008-12-03
Relevant URL: http://www.securityfocus.com/bid/32608
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions prior to the following:

JDK and JRE 6 Update 11 or later
JDK and JRE 5.0 Update 17 or later
SDK and JRE 1.4.2_19 or later
SDK and JRE 1.3.1_24 or later

3. Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 32620
Remote: Yes
Date Published: 2008-12-03
Relevant URL: http://www.securityfocus.com/bid/32620
Summary:
Sun Java Web Start and Java Plug-in are prone to multiple privilege-escalation vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security, or read, write, and execute arbitrary files in the context of the user running a vulnerable application. This may result in a compromise of the underlying system.

This issue affects the following versions:

JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
SDK and JRE 1.4.2_18 and earlier
SDK and JRE 1.3.1_23 and earlier

4. Ubuntu Privacy Remix S/ATA-Disks Security Bypass Vulnerability
BugTraq ID: 32629
Remote: No
Date Published: 2008-12-04
Relevant URL: http://www.securityfocus.com/bid/32629
Summary:
Ubuntu Privacy Remix (UPR) is prone to a security-bypass vulnerability that may allow attackers to modify the operating system.

Attackers can exploit this issue to mount S-/ATA-Disks onto the affected computer. This will allow attackers to bypass the privacy mechanism used by the live CD. Successfully exploiting this issue may compromise the privacy of users.

Versions prior to Ubuntu Privacy Remix 8.04 r1 are vulnerable.

5. RSyslog '$AllowedSender' Configuration Directive Security Bypass Vulnerability
BugTraq ID: 32630
Remote: Yes
Date Published: 2008-12-04
Relevant URL: http://www.securityfocus.com/bid/32630
Summary:
RSyslog is prone to a security-bypass vulnerability because of an error in the daemon's ACL (Access Control List) handling.

Attackers can exploit this issue to bypass ACL restrictions that limit which hosts may send messages to the daemon. Successful exploits can result in misleading log entries or denial-of-service conditions. Other attacks may also be possible.

6. Linux Kernel 'parisc_show_stack()' Local Denial of Service Vulnerability
BugTraq ID: 32636
Remote: No
Date Published: 2008-12-04
Relevant URL: http://www.securityfocus.com/bid/32636
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Local attackers can exploit this issue to crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc7 are vulnerable.

Note that this issue applies to PA-RISC 32-bit and 64-bit architectures.

7. Novell Netware ApacheAdmin Security Bypass Vulnerability
BugTraq ID: 32657
Remote: Yes
Date Published: 2008-12-05
Relevant URL: http://www.securityfocus.com/bid/32657
Summary:
Novell Netware is prone to a security-bypass vulnerability.

Attackers can exploit this issue to gain unauthorized access to the ApacheAdmin console. Successfully exploiting this issue will lead to further attacks.

8. Linux Kernel 'net/atm/proc.c' Local Denial of Service Vulnerability
BugTraq ID: 32676
Remote: No
Date Published: 2008-12-04
Relevant URL: http://www.securityfocus.com/bid/32676
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to go into an infinite loop, which may cause a denial-of-service condition.

9. Vinagre 'vinagre_utils_show_error()' Function Format String Vulnerability
BugTraq ID: 32682
Remote: Yes
Date Published: 2008-12-08
Relevant URL: http://www.securityfocus.com/bid/32682
Summary:
Vinagre is prone to a remote format-string vulnerability because it fails to sufficiently sanitize user-supplied input before using it in a formatted-printing function.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious '.vnc' file.

Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely crash the application.

10. Compiz Fusion 'Expo' Plugin Security Bypass Vulnerability
BugTraq ID: 32712
Remote: No
Date Published: 2008-12-08
Relevant URL: http://www.securityfocus.com/bid/32712
Summary:
Compiz Fusion is prone to a security-bypass vulnerability because of an issue with the 'Expo' plugin.

Attackers may be able to bypass certain security restrictions, which may allow them to bypass the screensaver protection and to access the locked desktop.

Versions prior to Compiz Fusion 0.5.2, 0.7.4, and 0.7.8 are vulnerable.

11. Linux Kernel MIPS Untrusted User Application Local Denial of Service Vulnerability
BugTraq ID: 32716
Remote: No
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32716
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability affecting 64-bit MIPS architectures.

Attackers can exploit this issue to cause the kernel to crash, denying service to legitimate users.

12. PHP 'proc_open()' Environment Parameter Safe Mode Restriction-Bypass Vulnerability
BugTraq ID: 32717
Remote: No
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32717
Summary:
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to bypass some safe-mode restrictions.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, with the 'safe_mode' restrictions assumed to isolate the users from each other.

This issue is reported to affect PHP 5.2.8 on the Linux operating system; other versions may also be vulnerable.

13. Avast! Linux Home Edition ISO and RPM File Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 32747
Remote: Yes
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32747
Summary:
Avast! Linux Home Edition is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Avast! Linux Home Edition 1.0.8 is vulnerable; other versions may also be affected.

14. Sophos Antivirus For Linux Multiple File Processing Remote Denial Of Service Vulnerabilities
BugTraq ID: 32748
Remote: Yes
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32748
Summary:
Sophos Antivirus For Linux is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle malformed files.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users. Due to the nature of these issues, remote code-execution may be possible, but this has not been confirmed.

Sophos Antivirus For Linux 4.33.0 is vulnerable; other versions may also be affected.

15. AVG Anti-Virus For Linux UPX File Parsing Denial of Service Vulnerability
BugTraq ID: 32749
Remote: Yes
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32749
Summary:
AVG Anti-Virus for Linux is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however, this has not been confirmed.

Versions prior to AVG Anti-Virus 7.5.51 are vulnerable.

16. BitDefender Antivirus For Linux Multiple File Processing Remote Denial Of Service Vulnerabilities
BugTraq ID: 32751
Remote: Yes
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32751
Summary:
BitDefender Antivirus For Linux is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle malformed files.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users. Due to the nature of these issues, remote code-execution may be possible, but this has not been confirmed.

BitDefender Antivirus For Linux 7.60825 is vulnerable; other versions may also be affected.

17. F-Prot Antivirus for Linux ELF File Scanning Denial of Service Vulnerability
BugTraq ID: 32753
Remote: Yes
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32753
Summary:
F-Prot Antivirus for Linux is a virus scanning application for the Linux operating system.

The application is prone to a denial-of-service vulnerability because it fails to handle malformed files.

Successfully exploiting this issue will crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.

F-Prot Antivirus for Linux 4.6.8 is vulnerable; other versions may also be affected.

18. Linux Kernel 'ac_ioctl()' Local Buffer Overflow Vulnerability
BugTraq ID: 32759
Remote: No
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32759
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Local attackers may be able to exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to the Linux kernel 2.6.28-rc1 are vulnerable.

III. LINUX FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Ironkey: The World's Most Secure Flash Drive

You can now initiate and utilize IronKey flash drives on Linux operating systems based on kernel 2.6 and above.
IronKey uses military-grade AES hardware encryption and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a?cmpid=701500000006y9H
