News

Thursday, January 29, 2009

SecurityFocus Linux Newsletter #424

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Take the Theoretical Seriously
2. The Drew Verdict Makes Us All Hackers
II. LINUX VULNERABILITY SUMMARY
1. Multiple Ralinktech Wireless Drivers MAC/BSS/SSID Integer Overflow Vulnerability
2. Red Hat SquirrelMail Package Session Management Vulnerability
3. Git Snapshot Generation and Pickaxe Search Arbitrary Command Injection Vulnerability
4. MoinMoin 'AttachFile.py' Cross-Site Scripting Vulnerability
5. TYPO3 Multiple Remote Vulnerabilities
6. Debian 'libapache2-mod-auth-mysql' Package Multibyte Character Encoding SQL Injection Vulnerability
7. Sun Java System Application Server Information Disclosure Vulnerability
8. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
9. Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
10. Systrace 64-Bit Aware Linux Kernel Privilege Escalation Vulnerability
11. CUPS '/tmp/pdf.log' Insecure Temporary File Creation Vulnerability
12. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
13. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
14. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
15. XChat 'PySys_SetArgv' Remote Command Execution Vulnerability
16. gedit 'PySys_SetArgv' Remote Command Execution Vulnerability
17. Csound 'PySys_SetArgv' Remote Command Execution Vulnerability
18. Vim 'PySys_SetArgv' Remote Command Execution Vulnerability
19. Dia 'PySys_SetArgv' Remote Command Execution Vulnerability
20. RETIRED: Linux Kernel 'irda-usb.c' Remote Buffer Overflow Vulnerability
21. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
22. Computer Associates Anti-Virus Engine 'arclib.dll' Multiple Scan Evasion Vulnerabilities
23. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
24. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
25. Sun Java System Access Manager Username Enumeration Weakness
26. RETIRED: PHP 'dba_replace()' File Corruption Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. CfP DIMVA 2009
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers' response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at the 25th Chaos Communication Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers.
http://www.securityfocus.com/columnists/490

2. The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Multiple Ralinktech Wireless Drivers MAC/BSS/SSID Integer Overflow Vulnerability
BugTraq ID: 33340
Remote: Yes
Date Published: 2009-01-19
Relevant URL: http://www.securityfocus.com/bid/33340
Summary:
Multiple Ralinktech wireless drivers are prone to an integer-overflow vulnerability because they fail to ensure that integer values aren't overrun.

Successful exploits may allow remote attackers to execute arbitrary code with kernel-level privileges, resulting in the complete compromise of an affected device. Failed exploit attempts will likely cause denial-of-service conditions.

Ralink USB Wireless Adapter (RT73) 3.08 is affected. Other unspecified devices are also affected.

2. Red Hat SquirrelMail Package Session Management Vulnerability
BugTraq ID: 33354
Remote: Yes
Date Published: 2009-01-19
Relevant URL: http://www.securityfocus.com/bid/33354
Summary:
The Red Hat 'squirrelmail' package is prone to an authentication-bypass vulnerability because of a session-handling error introduced by patches provided by Red Hat Security Advisory RHSA-2009:0010.

Attackers can exploit this issue to hijack other users' sessions and obtain sensitive information that can aid in further attacks.

3. Git Snapshot Generation and Pickaxe Search Arbitrary Command Injection Vulnerability
BugTraq ID: 33355
Remote: Yes
Date Published: 2009-01-19
Relevant URL: http://www.securityfocus.com/bid/33355
Summary:
Git is prone to a vulnerability that lets attackers inject arbitrary commands. The issue occurs because the software fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application.

4. MoinMoin 'AttachFile.py' Cross-Site Scripting Vulnerability
BugTraq ID: 33365
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33365
Summary:
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to MoinMoin 1.8.1 are vulnerable.

5. TYPO3 Multiple Remote Vulnerabilities
BugTraq ID: 33376
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33376
Summary:
TYPO3 is prone to multiple vulnerabilities:

- creation of weak encryption keys
- authentication bypass
- insecure session management
- cross-site scripting
- remote command execution

Versions prior to TYPO3 4.0.10, 4.1.8, or 4.2.4 are vulnerable.

6. Debian 'libapache2-mod-auth-mysql' Package Multibyte Character Encoding SQL Injection Vulnerability
BugTraq ID: 33392
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33392
Summary:
The Debian 'libapache2-mod-auth-mysql' package is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

7. Sun Java System Application Server Information Disclosure Vulnerability
BugTraq ID: 33397
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33397
Summary:
Sun Java System Application Server is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

8. GStreamer QuickTime Media File Parsing Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33405
Remote: Yes
Date Published: 2009-01-22
Relevant URL: http://www.securityfocus.com/bid/33405
Summary:
GStreamer is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage these issues to execute arbitrary code in the context of applications that use the affected library. Failed attacks will cause denial-of-service conditions.

Versions prior to GStreamer 'gst-plugins-good' 0.10.12 are vulnerable. Applications using the library, such as Songbird, Totem, and Amarok, may also be affected.

9. Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
BugTraq ID: 33412
Remote: No
Date Published: 2009-01-23
Relevant URL: http://www.securityfocus.com/bid/33412
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.29.1 are vulnerable.

10. Systrace 64-Bit Aware Linux Kernel Privilege Escalation Vulnerability
BugTraq ID: 33417
Remote: No
Date Published: 2009-01-23
Relevant URL: http://www.securityfocus.com/bid/33417
Summary:
Systrace is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to bypass access control restrictions and make unintended system calls, which may result in an elevation of privileges.

Versions prior to Systrace 1.6f are vulnerable.

11. CUPS '/tmp/pdf.log' Insecure Temporary File Creation Vulnerability
BugTraq ID: 33418
Remote: No
Date Published: 2009-01-24
Relevant URL: http://www.securityfocus.com/bid/33418
Summary:
CUPS creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

CUPS 1.3.9 is vulnerable; other versions may also be affected.

12. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
BugTraq ID: 33428
Remote: No
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33428
Summary:
The Linux kernel is prone to two denial-of-service vulnerabilities.

A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

These issues affect versions prior to Linux Kernel 2.6.27.13 and 2.6.28.2.

13. Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33441
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33441
Summary:
Epiphany is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

14. eog 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33443
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33443
Summary:
The 'eog' (Eye of GNOME) program is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

15. XChat 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33444
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33444
Summary:
XChat is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

16. gedit 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33445
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33445
Summary:
The 'gedit' program is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

17. Csound 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33446
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33446
Summary:
Csound is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

18. Vim 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33447
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33447
Summary:
Vim is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

Versions prior to Vim 7.2.045 are vulnerable.

19. Dia 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33448
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33448
Summary:
Dia is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run with the privileges of the currently logged-in user.

20. RETIRED: Linux Kernel 'irda-usb.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 33449
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33449
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to prevent firmware uploading. This may result in a denial-of-service condition. Given the nature of this issue, the attacker may be able to execute arbitrary code with kernel-level privileges, but this has not been confirmed.

Linux Kernel versions 2.6.18 up to 2.6.28.2 are vulnerable.

UPDATE (January 27, 2009): This BID is being retired because there is no discernable security implication.

21. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
BugTraq ID: 33450
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33450
Summary:
Simple Machines Forum is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

22. Computer Associates Anti-Virus Engine 'arclib.dll' Multiple Scan Evasion Vulnerabilities
BugTraq ID: 33464
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33464
Summary:
Computer Associates Anti-Virus engine is prone to multiple vulnerabilities that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus engine will fail to detect.

Products with 'arclib.dll' prior to version 7.3.0.15 are vulnerable.

23. MoinMoin 'antispam.py' Cross-Site Scripting Vulnerability
BugTraq ID: 33479
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33479
Summary:
MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

MoinMoin 1.7.3 and 1.8.1 are vulnerable; other versions may also be affected.

24. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

25. Sun Java System Access Manager Username Enumeration Weakness
BugTraq ID: 33489
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33489
Summary:
Sun Java System Access Manager is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

This issue affects the following versions:

Sun Java System Access Manager 6 2005Q1 (6.3)
Sun Java System Access Manager 7 2005Q4 (7.0)
Sun Java System Access Manager 7.1

26. RETIRED: PHP 'dba_replace()' File Corruption Vulnerability
BugTraq ID: 33498
Remote: Yes
Date Published: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33498
Summary:
PHP is prone to a vulnerability that may allow attackers to corrupt a database file. This issue occurs because the application fails to validate user-supplied input.

Attackers can exploit this issue to corrupt the database file. Successfully exploiting this issue may result in a denial-of-service condition and the loss of data.

PHP 5.2.6 is vulnerable; prior versions may also be affected.

This BID is being retired. To exploit this issue an attacker would need to control components that they should not be able to control under normal circumstances.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. CfP DIMVA 2009
http://www.securityfocus.com/archive/91/500247

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Vulnerability Management for Dummies: How to Implement a Successful Vulnerability Management Program
As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and shows you how to...

http://dinclinx.com/Redirect.aspx?36;2468;35;189;0;8;259;73c7a1ae59c7a92e
