Thursday, July 23, 2009

SecurityFocus Linux Newsletter #444

This issue is sponsored by IronKey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey™ S200 series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2 standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components, while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most sensitive data. Enterprise-class central management capabilities also make it easy to enforce security policies on fleets of drives and even remotely destroy drives in the field.

Learn more at https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Scale of Security
2. Hacker-Tool Law Still Does Little
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
2. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
3. ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
4. ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability
5. ISC DHCP 'dhcpd -t' Command Insecure Temporary File Creation Vulnerability
6. Sun Ray Server Software 'utdmsession' Command Security Bypass Vulnerability
7. PulseAudio setuid Local Privilege Escalation Vulnerability
8. Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability
9. Sun Solaris XScreenSaver Local Information Disclosure Vulnerability
10. Linux Kernel SGI GRU Driver Off By One Vulnerability
11. WordPress Comment Author URI Cross-Site Scripting Vulnerability
12. Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
13. Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
14. Mozilla Firefox 'setTimeout()' Remote Code Execution Vulnerability
15. Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability
16. Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
17. Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
18. Mozilla Firefox 'watch()' and '__defineSetter__()' Functions Remote Code Execution Vulnerability
19. Mozilla Firefox 'XPCCrossOriginWrapper' Multiple Cross Domain Scripting Vulnerabilities
20. Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption Vulnerability
21. Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502


II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
BugTraq ID: 35647
Remote: No
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35647
Summary:
The Linux Kernel is prone to an unauthorized-access weakness because of an error in the definition of the 'PER_CLEAR_ON_SETID' personalities mask, which is defined in the 'include/linux/personality.h' source file.

An attacker can exploit this issue to perform unsafe operations on a vulnerable computer, which may aid in further attacks.

2. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 35652
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35652
Summary:
LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected.

3. ISC DHCP 'dhclient' 'script_write_params()' Stack Buffer Overflow Vulnerability
BugTraq ID: 35668
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35668
Summary:
The ISC DHCP client 'dhclient' is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a fixed-length buffer.

Successfully exploiting this issue allows a remote attacker to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

4. ISC DHCP Server Host Definition Remote Denial Of Service Vulnerability
BugTraq ID: 35669
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35669
Summary:
ISC DHCP Server is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted DHCP requests.

Attackers can exploit this issue to cause the server to terminate, thus denying service to legitimate users.

5. ISC DHCP 'dhcpd -t' Command Insecure Temporary File Creation Vulnerability
BugTraq ID: 35670
Remote: No
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35670
Summary:
ISC DHCP creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files.

6. Sun Ray Server Software 'utdmsession' Command Security Bypass Vulnerability
BugTraq ID: 35711
Remote: No
Date Published: 2009-07-15
Relevant URL: http://www.securityfocus.com/bid/35711
Summary:
Sun Ray Server Software is prone to a security-bypass vulnerability.

An attacker can exploit this issue to perform unauthorized actions that may aid in further attacks.

Sun Ray Server Software 4.0 is vulnerable.

7. PulseAudio setuid Local Privilege Escalation Vulnerability
BugTraq ID: 35721
Remote: No
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35721
Summary:
PulseAudio is prone to a local privilege-escalation vulnerability caused by a race-condition error.

Exploiting this issue could allow attackers to perform actions with superuser privileges, resulting in a complete compromise of affected computers.

8. Linux Kernel 'tun_chr_pool()' NULL Pointer Dereference Vulnerability
BugTraq ID: 35724
Remote: No
Date Published: 2009-07-17
Relevant URL: http://www.securityfocus.com/bid/35724
Summary:
The Linux kernel is prone to a local NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash an affected kernel, denying service to legitimate users.

This issue was introduced in Linux kernel 2.6.30.

9. Sun Solaris XScreenSaver Local Information Disclosure Vulnerability
BugTraq ID: 35733
Remote: No
Date Published: 2009-07-17
Relevant URL: http://www.securityfocus.com/bid/35733
Summary:
Solaris XScreenSaver is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may lead to further attacks.

Note that the issue may be related to BID 35574.

This issue affects the following on both SPARC and x86 platforms:

Solaris 8
Solaris 9
Solaris 10
OpenSolaris

10. Linux Kernel SGI GRU Driver Off By One Vulnerability
BugTraq ID: 35753
Remote: No
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35753
Summary:
The Linux kernel is prone to an off-by-one vulnerability that may allow attackers to trigger a denial-of-service condition. This issue affects the SGI GRU driver.

Given the nature of this issue, attackers may also be able to execute arbitrary code with kernel privileges, but this has not been confirmed.

11. WordPress Comment Author URI Cross-Site Scripting Vulnerability
BugTraq ID: 35755
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35755
Summary:
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to WordPress 2.8.2 are vulnerable.

12. Adobe Acrobat, Reader, and Flash Player Remote Code Execution Vulnerability
BugTraq ID: 35759
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35759
Summary:
Adobe Acrobat, Reader, and Flash Player are prone to a remote code-execution vulnerability.

An attacker can exploit this issue by supplying a malicious Flash ('.swf') file or by embedding a malicious Flash application in a PDF file. Successful exploits may allow the attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects the following:

Reader and Acrobat 9.1.2
Flash Player 9 and 10

13. Mozilla Firefox and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 35765
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35765
Summary:
Mozilla Firefox and Thunderbird are prone to multiple memory-corruption vulnerabilities that attackers can exploit to cause denial-of-service conditions and, in some cases, to run arbitrary code.

The vulnerabilities are fixed in Firefox 3.0.12 and 3.5. Mozilla states that Thunderbird is also affected, but doesn't specify the vulnerable and fixed versions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document them.

14. Mozilla Firefox 'setTimeout()' Remote Code Execution Vulnerability
BugTraq ID: 35766
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35766
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability that affects the 'setTimeout()' JavaScript function.

Attackers can exploit this issue to execute arbitrary JavaScript code with chrome privileges, which may result in a compromise of the affected computer.

NOTE: This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

Versions prior to Firefox 3.0.12 and 3.5 are vulnerable.

15. Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability
BugTraq ID: 35767
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35767
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

Versions prior to Firefox 3.5.1 and 3.0.12 are vulnerable.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

16. Mozilla Firefox and Thunderbird Remote Integer Overflow Vulnerability
BugTraq ID: 35769
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35769
Summary:
Mozilla Firefox and Thunderbird are prone to a remote integer-overflow vulnerability that attackers can exploit to cause denial-of-service conditions and possibly to execute arbitrary code.

The vulnerability is fixed in Firefox 3.0.12 and 3.5. Note that Thunderbird is also affected but Mozilla hasn't specified the vulnerable and fixed versions.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

17. Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities
BugTraq ID: 35770
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35770
Summary:
Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document them.

18. Mozilla Firefox 'watch()' and '__defineSetter__()' Functions Remote Code Execution Vulnerability
BugTraq ID: 35772
Remote: Yes
Date Published: 2009-07-22
Relevant URL: http://www.securityfocus.com/bid/35772
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

Versions prior to Firefox 3.5 and 3.0.12 are vulnerable.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

19. Mozilla Firefox 'XPCCrossOriginWrapper' Multiple Cross Domain Scripting Vulnerabilities
BugTraq ID: 35773
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35773
Summary:
Mozilla Firefox is prone to multiple cross-domain scripting vulnerabilities.

An attacker can exploit these vulnerabilities to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.

Versions prior to Firefox 3.0.12 and 3.5 are vulnerable.

NOTE: These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned their own record to better document them.

20. Mozilla Firefox and Thunderbird RDF File Handling Remote Memory Corruption Vulnerability
BugTraq ID: 35775
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35775
Summary:
Mozilla Firefox and Thunderbird are prone to a remote memory-corruption vulnerability that attackers can exploit to cause denial-of-service conditions and possibly execute arbitrary code.

The vulnerability is fixed in Firefox 3.0.12 and 3.5. Note that Thunderbird is also affected but Mozilla hasn't specified the vulnerable and fixed versions.

This vulnerability was previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but has been assigned its own record to better document the issue.

21. Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities
BugTraq ID: 35776
Remote: Yes
Date Published: 2009-07-21
Relevant URL: http://www.securityfocus.com/bid/35776
Summary:
Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities that affect the JavaScript engine.

An attacker can exploit these issues to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document the issues.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey

• Always-On AES 256-bit Hardware Encryption
• FIPS 140-2 Level 3 Validated
• Hardened Case—Waterproof Beyond MIL-STD-810F
• Remote Management Software

Research for the IronKey architecture was funded in part by the U.S. Department of Homeland Security. In addition, IronKey maintains a trusted supply chain: all research and development is performed in the USA, and all boards are built and all drives are assembled in secure facilities in the USA.

IronKey Basic S200 drives will also be available in high-capacity 16GB models.

https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter
