News

Wednesday, February 11, 2009

SecurityFocus Linux Newsletter #426


This issue is sponsored by Sophos

Is virtualization a black hole in your security? 5 ways to ensure it isn't...

End users running unauthorized virtual environments on their computers make corporate systems and data much more vulnerable. This paper describes the hidden threats raised by unauthorized unsecured desktop virtualization, and gives five effective ways to secure yourself against them.

http://dinclinx.com/Redirect.aspx?36;4037;35;189;0;6;259;0ad5ac9ed0ee883a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Don't Blame the Browser
2. Resurrecting the Killfile
II. LINUX VULNERABILITY SUMMARY
1. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
2. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
3. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
4. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
5. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
6. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
7. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
8. Linux Kernel 'inotify_read()' Local Denial of Service Vulnerability
9. ProFTPD Character Encoding SQL Injection Vulnerability
10. Wicd 'wicd.conf' Default Configuration Local Information Disclosure Vulnerability
11. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
12. Linux Kernel Console Selection Local Privilege Escalation Vulnerability
13. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
14. Trend Micro Interscan Web Security HTTP Proxy Authentication Information Disclosure Vulnerability
15. ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability
16. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
17. GNOME Evolution S/MIME Email Signature Verification Vulnerability
18. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
19. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Blame the Browser
By Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492

2. Resurrecting the Killfile
By Oliver Day
In William Gibson's Idoru, one of the book's hackers describes a community of people who all share a file of unwanted things to create the walled city of Hak Nam. "They made something like a killfile of everything, everything they didn't like, and they turned that inside out," he wrote.
http://www.securityfocus.com/columnists/491


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
BugTraq ID: 33579
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33579
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because an attacker needs administrative access to an affected application to exploit this issue. An attacker with such access would be able to compromise the application without having to exploit any issue.

2. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

3. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by Bugzilla. This may reveal sensitive information such as attachment files or may allow the attacker to bypass cross-site request-forgery protection by predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

4. sblim-sfcb 'genSslCert.sh' Insecure Temporary File Creation Vulnerability
BugTraq ID: 33583
Remote: No
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33583
Summary:
The 'sblim-sfcb' package creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application.

Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.

This issue affects sblim-sfcb 1.3.2; other versions may also be affected.

5. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
BugTraq ID: 33595
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33595
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

6. Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -01 to -06 Multiple Remote Vulnerabilities
BugTraq ID: 33598
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33598
Summary:
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, bypass certain security settings, and execute arbitrary script code with elevated privileges; other attacks are also possible.

7. Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability
BugTraq ID: 33604
Remote: Yes
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33604
Summary:
Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects versions prior to Squid 2.7.STABLE5, Squid 3.0.STABLE12, and Squid 3.1.0.4.

8. Linux Kernel 'inotify_read()' Local Denial of Service Vulnerability
BugTraq ID: 33624
Remote: No
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33624
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause an oops condition in the Linux kernel, which may cause a denial of service.

Versions prior to the Linux kernel 2.6.28.3 are vulnerable.

9. ProFTPD Character Encoding SQL Injection Vulnerability
BugTraq ID: 33650
Remote: Yes
Date Published: 2009-02-05
Relevant URL: http://www.securityfocus.com/bid/33650
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

The issue affects ProFTPD 1.3.1 and later versions.

10. Wicd 'wicd.conf' Default Configuration Local Information Disclosure Vulnerability
BugTraq ID: 33658
Remote: No
Date Published: 2009-02-06
Relevant URL: http://www.securityfocus.com/bid/33658
Summary:
Wicd is prone to a local information-disclosure vulnerability because its default configuration fails to restrict ownership of its daemon.

Local attackers can exploit this issue to claim ownership of the Wicd daemon object and receive messages intended for the daemon. Information harvested from the messages could help attackers launch further attacks.

Versions prior to Wicd 1.5.9 are vulnerable.

11. HP OpenView Network Node Manager Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 33666
Remote: Yes
Date Published: 2009-02-06
Relevant URL: http://www.securityfocus.com/bid/33666
Summary:
HP OpenView Network Node Manager is prone to multiple remote command-execution vulnerabilities because it fails to sanitize user-supplied data.

An attacker can exploit these issues to execute arbitrary commands with the privileges of the affected application; this may aid in further attacks.

Network Node Manager 7.53 under Linux is vulnerable; other versions and platforms may also be affected.

12. Linux Kernel Console Selection Local Privilege Escalation Vulnerability
BugTraq ID: 33672
Remote: No
Date Published: 2009-02-06
Relevant URL: http://www.securityfocus.com/bid/33672
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with elevated privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28.4 are vulnerable.

13. Trend Micro InterScan Web Security Suite Multiple Security Bypass Vulnerabilities
BugTraq ID: 33679
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33679
Summary:
Trend Micro InterScan Web Security Suite is prone to multiple security-bypass vulnerabilities.

Successful exploits may allow attackers to access sensitive areas and to elevate privileges to perform certain restricted actions, such as modifying system configuration.

These issues affect InterScan Web Security Suite 3.1 for Windows. Reportedly, Linux versions of the application are also affected.

14. Trend Micro Interscan Web Security HTTP Proxy Authentication Information Disclosure Vulnerability
BugTraq ID: 33687
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33687
Summary:
Trend Micro Interscan Web Security Suite is prone to an information-disclosure vulnerability when handling HTTP Proxy-Authentication headers.

An attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

15. ZeroShell 'cgi-bin/kerbynet' Remote Command Execution Vulnerability
BugTraq ID: 33702
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33702
Summary:
ZeroShell is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the software fails to adequately sanitize user-supplied input.

Successful attacks can compromise the affected application and possibly the underlying computer.

ZeroShell 1.0beta11 is vulnerable; other versions may also be affected.

16. TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
BugTraq ID: 33714
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33714
Summary:
TYPO3 is prone to multiple cross-site scripting vulnerabilities and an information-disclosure vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.

17. GNOME Evolution S/MIME Email Signature Verification Vulnerability
BugTraq ID: 33720
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33720
Summary:
GNOME Evolution is prone to a signature-verification vulnerability.

Attackers can exploit this issue through man-in-the-middle attacks to modify signed messages undetected.

18. ProFTPD 'mod_sql' Username SQL Injection Vulnerability
BugTraq ID: 33722
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33722
Summary:
ProFTPD is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to manipulate SQL queries, modify data, or exploit latent vulnerabilities in the underlying database. This may result in unauthorized access and a compromise of the application; other attacks are also possible.

ProFTPD 1.3.1 through 1.3.2 rc 2 are vulnerable.

19. libvirt 'libvirt_proxy.c' Local Privilege Escalation Vulnerability
BugTraq ID: 33724
Remote: No
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33724
Summary:
The 'libvirt' library is prone to a local privilege-escalation vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects version 0.5.1; other versions may also be affected.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos
