Date: Tue, 21 Jun 2005 14:11:24 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #240
SecurityFocus Linux Newsletter #240
----------------------------------------

This Issue is Sponsored By: Black Hat

Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las 
Vegas. World renowned security experts reveal tomorrow's threats today. 
Free of vendor pitches, the Briefings are designed to be pragmatic 
regardless of your security environment. Featuring 29 hands-on training 
courses and 10 conference tracks, networking opportunities with over 2,000 
delegates from 30+ nations. 

http://www.securityfocus.com/sponsor/BlackHat_sf-news_050621

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Interview with Marcus Ranum
       2. Your fingerprints are everywhere
       3. Software Firewalls: Made of Straw? Part 2 of 2
II.  LINUX VULNERABILITY SUMMARY
       1. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
       2. Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
       3. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
       4. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
       5. Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
       6. ViRobot Linux Server Remote Buffer Overflow Vulnerability
       7. PAFileDB Multiple Input Validation Vulnerabilities
       8. Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
       9. Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
       10. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
       11. SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
       12. Ultimate PHP Board Weak Password Encryption Vulnerability
       13. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
       14. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
       15. Yaws Remote Source Code Disclosure Vulnerability
       16. XAMPP Lang.PHP HTML Injection Vulnerability
       17. XAMPP Lang.PHP Directory Traversal Vulnerability
       18. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerability
       19. JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
III. LINUX FOCUS LIST SUMMARY
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Interview with Marcus Ranum
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/334

2. Your fingerprints are everywhere
By Scott Granneman
How much do you trust your government? That's a question that all of us 
have to ask, perhaps the more often the better.
http://www.securityfocus.com/columnists/333

3. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be 
circumvented by inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
BugTraq ID: 13936
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13936
Summary:
Sysreport is susceptible to an information disclosure vulnerability. 
This issue is due to a failure of the application to ensure that 
sensitive information is not included in its generated reports.

This vulnerability may result in sending unencrypted proxy 
authentication usernames and passwords to potentially malicious people. This may 
aid them in further attacks.

2. Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
BugTraq ID: 13940
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13940
Summary:
Telnet clients provided by multiple vendors are susceptible to a remote 
information disclosure vulnerability.

Any information stored in the environment of clients utilizing the 
affected telnet application is available for attackers to retrieve. The 
contents of the environment variables may be sensitive in nature, allowing 
attackers to gain information that may aid them in further system 
compromise.


3. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13945
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13945
Summary:
Sun Java Web Start is susceptible to an unspecified privilege 
escalation vulnerability.

This vulnerability allows remote, untrusted Java applications to gain 
elevated privileges. This allows them to read or write local files, or 
to execute arbitrary local applications. These actions are normally 
forbidden for untrusted applications running in the Java virtual machine.

Further details are not available at this time. This BID will be 
updated as further information is disclosed.

4. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 13957
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13957
Summary:
Multiple unspecified buffer overflow vulnerabilities affect Iron Bars 
Shell. These issues are due to a failure of the application to properly 
validate the length of user-supplied strings prior to copying them into 
static process buffers.

The details currently available regarding these issues are insufficient 
to provide an accurate technical description.  It can be speculated 
that these issues may be leveraged by an attacker to gain escalated 
privileges on a local machine.

An attacker may leverage these issues to execute instructions with the 
privileges of the affected application.

5. Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13958
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13958
Summary:
Sun Java Runtime Environment is susceptible to an unspecified privilege 
escalation vulnerability.

This vulnerability allows remote, untrusted Java applications to gain 
elevated privileges. This allows them to read or write local files, or 
to execute arbitrary local applications. These actions are normally 
forbidden for untrusted applications running in the Java virtual machine.

Further details are not available at this time. This BID will be 
updated as further information is disclosed.

6. ViRobot Linux Server Remote Buffer Overflow Vulnerability
BugTraq ID: 13964
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13964
Summary:
ViRobot Linux Server is prone to a remote buffer overflow vulnerability 
affecting the Web based management interface.  This issue presents 
itself because the application fails to perform boundary checks prior to 
copying user-supplied data into sensitive process buffers.

An attacker can gain unauthorized access to a vulnerable computer by 
supplying malformed values through cookies.  This issue can lead to a 
complete compromise.

ViRobot Linux Server 2.0 is vulnerable to this issue.  Other versions 
may be affected as well.

7. PAFileDB Multiple Input Validation Vulnerabilities
BugTraq ID: 13967
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13967
Summary:
paFileDB is prone to multiple input validation vulnerabilities. The 
following issues are reported:

Multiple SQL injection issues exist in paFileDB.

The impact of these issues will vary depending on features supported by 
the database implementation but may be limited due to the nature of 
affected queries.

Multiple cross-site scripting issues are also reported when passing 
user-supplied arguments to the 'sortby', 'filelist', and 'pages' 
parameters of the 'pafiledb.php' script.

Exploitation of these issues may allow for compromise of the software, 
session hijacking, or attacks against the underlying database.

Finally, paFileDB is prone to a file disclosure vulnerability. The 
'action' parameter of the 'pafiledb.php' script is affected by the 
vulnerability.


8. Opera Web Browser Cross-Site Scripting Local File Disclosure Vulnerability
BugTraq ID: 13969
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13969
Summary:
Opera Web Browser is affected by a cross-site scripting vulnerability 
that can be leveraged to disclose local files as well.

Attackers may steal cookie-based authentication credentials, disclose 
local files in the context of the browser and carry out other attacks.

Opera Web Browser version 8.0 is prone to this issue.

9. Opera Web Browser XMLHttpRequest Object Cross-Domain Access Vulnerability
BugTraq ID: 13970
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13970
Summary:
Opera Web Browser is prone to an issue that allows a violation of the 
cross-domain security model.

This issue arises due to an access validation error affecting the 
'XMLHttpRequest' object.

Successful exploitation may result in cookie theft, content 
manipulation, information disclosure or other attacks.

Opera Web Browser version 8.0 is prone to this issue.

10. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13971
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13971
Summary:
Ultimate PHP Board is prone to multiple cross-site scripting 
vulnerabilities.  These issues are due to a failure in the application to 
properly sanitize user-supplied input.

An attacker may leverage any of these issues to have arbitrary script 
code executed in the browser of an unsuspecting user in the context of 
the affected site.  This may facilitate the theft of cookie-based 
authentication credentials as well as other attacks.

11. SquirrelMail Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 13973
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13973
Summary:
SquirrelMail is affected by multiple unspecified cross-site scripting 
vulnerabilities.  These issues are due to a failure of the application 
to properly sanitize user-supplied URI input.  

These issues could permit a remote attacker to create a malicious URI 
link that includes hostile HTML and script code. If this link were to be 
followed, the hostile code may be rendered in the web browser of the 
victim user. This would occur in the security context of the affected web 
site and may allow for theft of cookie-based authentication credentials 
or other attacks.


12. Ultimate PHP Board Weak Password Encryption Vulnerability
BugTraq ID: 13975
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13975
Summary:
Ultimate PHP Board is prone to a weak password encryption 
vulnerability.  This issue is due to a failure of the application to protect 
passwords with a sufficiently effective encryption scheme.

This issue may allow a malicious user to gain access to user and 
administrator passwords for the affected application.

13. SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
BugTraq ID: 13978
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial of service vulnerability. This 
issue is due to a failure of the application to properly handle overly 
long email headers. 

Further details regarding this vulnerability are currently not 
available. This BID will be updated as more information is disclosed.

An attacker may cause SpamAssassin to take inordinate amounts of time 
to check a specially crafted email message. By sending many malicious 
messages, it may be possible for attackers to cause extremely large 
delays in email delivery, denying service to legitimate users.

14. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
BugTraq ID: 13980
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13980
Summary:
SuSE Linux is affected by an unspecified vulnerability related to 
S/MIME signing using gpg2.  The cause and impact of this issue are 
currently unknown.

Due to a lack of details, it cannot be confirmed whether this issue 
poses a security threat or results in an adverse effect on the 
functionality of the application.  It is conjectured that this issue is 
remote in nature.

SUSE Linux 9.3 is affected by this issue.



15. Yaws Remote Source Code Disclosure Vulnerability
BugTraq ID: 13981
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13981
Summary:
A vulnerability has been reported in Yaws that may result in the 
disclosure of script files' source code. 

Information obtained in this manner may be used by the attacker to 
launch further attacks against a vulnerable system. 

Yaws 1.55 and prior versions are affected.

16. XAMPP Lang.PHP HTML Injection Vulnerability
BugTraq ID: 13982
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13982
Summary:
XAMPP is prone to an HTML injection vulnerability.  This issue is due 
to a failure in the application to properly sanitize user-supplied input 
before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context 
of the affected Web site, potentially allowing for theft of 
cookie-based authentication credentials. An attacker could also exploit 
this issue to control how the site is rendered to the user; other attacks 
are also possible.

This issue is reported to affect the Linux distribution of XAMPP.

17. XAMPP Lang.PHP Directory Traversal Vulnerability
BugTraq ID: 13983
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13983
Summary:
XAMPP is prone to a directory traversal vulnerability.  This issue is 
due to a failure in the application to properly sanitize user-supplied 
input.

A remote unauthorized user can disclose the contents of arbitrary local 
PHP scripts through the use of directory traversal strings '../'.  
Exploitation of this vulnerability could lead to a loss of 
confidentiality.

This issue is reported to affect the Linux distribution of XAMPP.

18. Vipul Razor-agents Multiple Unspecified Denial Of Service Vulnerability
BugTraq ID: 13984
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul Razor-agents is prone to multiple unspecified denial of service 
vulnerabilities. The following issues are reported:

The first denial of service vulnerability exists in the discovery logic 
of Razor-agents.

The second issue exists in the preprocessing code of Razor-agents.

Both issues may be exploited to cause a denial of service for the 
vulnerable application.


19. JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
BugTraq ID: 13985
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13985
Summary:
JBoss is prone to a remote information disclosure vulnerability. The 
issue exists in the 'org.jboss.web.WebServer' class and is due to a lack 
of sufficient sanitization of user-supplied request data.

Information that is harvested through leveraging of this issue may be 
used to aid in further attacks that are launched against the affected 
service.


III. LINUX FOCUS LIST SUMMARY
---------------------------------

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Black Hat