| Date: | Tue, 21 Jun 2005 14:11:24 -0600 |
From: | "Peter Laborge" <plaborge@securityfocus.com>
| To: | linux-secnews@securityfocus.com |
Subject: | SecurityFocus Linux Newsletter #240 |
SecurityFocus Linux Newsletter #240
----------------------------------------
This Issue is Sponsored By: Black Hat
Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today.
Free of vendor pitches, the Briefings are designed to be pragmatic
regardless of your security environment. Featuring 29 hands-on training
courses and 10 conference tracks, networking opportunities with over 2,000
delegates from 30+ nations.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050621
------------------------------------------------------------------
I. FRONT AND CENTER
1. Interview with Marcus Ranum
2. Your fingerprints are everywhere
3. Software Firewalls: Made of Straw? Part 2 of 2
II. LINUX VULNERABILITY SUMMARY
1. RedHat Linux SysReport Proxy Information Disclosure
Vulnerability
2. Multiple Vendor Telnet Client Remote Information Disclosure
Vulnerability
3. Sun Java Web Start Unspecified Privilege Escalation
Vulnerability
4. Iron Bars Shell Multiple Unspecified Buffer Overflow
Vulnerabilities
5. Sun Java Runtime Environment Unspecified Privilege Escalation
Vulnerability
6. ViRobot Linux Server Remote Buffer Overflow Vulnerability
7. PAFileDB Multiple Input Validation Vulnerabilities
8. Opera Web Browser Cross-Site Scripting Local File Disclosure
Vulnerability
9. Opera Web Browser XMLHttpRequest Object Cross-Domain Access
Vulnerability
10. Ultimate PHP Board Multiple Cross-Site Scripting
Vulnerabilities
11. SquirrelMail Multiple Unspecified Cross-Site Scripting
Vulnerabilities
12. Ultimate PHP Board Weak Password Encryption Vulnerability
13. SpamAssassin Malformed Email Header Remote Denial Of Service
Vulnerability
14. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
15. Yaws Remote Source Code Disclosure Vulnerability
16. XAMMP Lang.PHP HTML Injection Vulnerability
17. XAMMP Lang.PHP Directory Traversal Vulnerability
18. Vipul Razor-agents Multiple Unspecified Denial Of Service
Vulnerability
19. JBoss Malformed HTTP Request Remote Information Disclosure
Vulnerability
III. LINUX FOCUS LIST SUMMARY
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Interview with Marcus Ranum
By Federico Biancuzzi
Could you introduce yourself?
http://www.securityfocus.com/columnists/334
2. Your fingerprints are everywhere
By Scott Granneman
How much do you trust your government? That's a question that all of us
have to ask, perhaps the more often the better.
http://www.securityfocus.com/columnists/333
3. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be
circumvented by inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. RedHat Linux SysReport Proxy Information Disclosure Vulnerability
BugTraq ID: 13936
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13936
Summary:
Sysreport is susceptible to an information disclosure vulnerability.
This issue is due to a failure of the application to ensure that
sensitive information is not included in its generated reports.
This vulnerability may result in sending unencrypted proxy
authentication usernames and passwords to potentially malicious people. This may
aid them in further attacks.
2. Multiple Vendor Telnet Client Remote Information Disclosure
Vulnerability
BugTraq ID: 13940
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13940
Summary:
Telnet clients provided by multiple vendors are susceptible to a remote
information disclosure vulnerability.
Any information stored in the environment of clients utilizing the
affected telnet application is available for attackers to retrieve. The
contents of the environment variables may be sensitive in nature, allowing
attackers to gain information that may aid them in further system
compromise.
3. Sun Java Web Start Unspecified Privilege Escalation Vulnerability
BugTraq ID: 13945
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13945
Summary:
Sun Java Web Start is susceptible to an unspecified privilege
escalation vulnerability.
This vulnerability allows remote, untrusted Java applications to gain
elevated privileges. This allows them to read or write local files, or
to execute arbitrary local applications. These actions are normally
forbidden for untrusted applications running in the Java virtual machine.
Further details are not available at this time. This BID will be
updated as further information is disclosed.
4. Iron Bars Shell Multiple Unspecified Buffer Overflow Vulnerabilities
BugTraq ID: 13957
Remote: No
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13957
Summary:
Multiple unspecified buffer overflow vulnerabilities affect Iron Bars
Shell. These issues are due to a failure of the application to properly
validate the length of user-supplied strings prior to copying them into
static process buffers.
The details currently available regarding these issues are insufficient
to provide an accurate technical description. It can be speculated
that these issues may be leveraged by an attacker to gain escalated
privileges on a local machine.
An attacker may leverage these issues to execute instructions with the
privileges of the affected application.
5. Sun Java Runtime Environment Unspecified Privilege Escalation
Vulnerability
BugTraq ID: 13958
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13958
Summary:
Sun Java Runtime Environment is susceptible to an unspecified privilege
escalation vulnerability.
This vulnerability allows remote, untrusted Java applications to gain
elevated privileges. This allows them to read or write local files, or
to execute arbitrary local applications. These actions are normally
forbidden for untrusted applications running in the Java virtual machine.
Further details are not available at this time. This BID will be
updated as further information is disclosed.
6. ViRobot Linux Server Remote Buffer Overflow Vulnerability
BugTraq ID: 13964
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13964
Summary:
ViRobot Linux Server is prone to a remote buffer overflow vulnerability
affecting the Web based management interface. This issue presents
itself because the application fails to perform boundary checks prior to
copying user-supplied data into sensitive process buffers.
An attacker can unauthorized access to a vulnerable computer by
supplying malformed values through cookies. This issue can lead to a complete
compromise.
ViRobot Linux Server 2.0 is vulnerable to this issue. Other versions
may be affected as well.
7. PAFileDB Multiple Input Validation Vulnerabilities
BugTraq ID: 13967
Remote: Yes
Date Published: 2005-06-15
Relevant URL: http://www.securityfocus.com/bid/13967
Summary:
paFileDB is prone to multiple input validation vulnerabilities. The
following issues are reported:
Multiple SQL injection issues exist in paFileDB.
The impact of these issues will vary depending on features supported by
the database implementation but may be limited due to the nature of
affected queries.
Multiple cross-site scripting issues are also reported when passing
user-supplied arguments to the 'sortby', 'filelist', and 'pages'
parameters of the 'pafiledb.php' script.
Exploitation of these issues may allow for compromise of the software,
session hijacking, or attacks against the underlying database.
Finally, paFileDB is prone to a file disclosure vulnerability. The
'action' parameter of the 'pafiledb.php' script is affected by the
vulnerability.
8. Opera Web Browser Cross-Site Scripting Local File Disclosure
Vulnerability
BugTraq ID: 13969
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13969
Summary:
Opera Web Browser is affected by a cross-site scripting vulnerability
that can be leveraged to disclose local files as well.
Attackers may steal cookie-based authentication credentials, disclose
local files in the context of the browser and carry out other attacks.
Opera Web Browser version 8.0 is prone to this issue.
9. Opera Web Browser XMLHttpRequest Object Cross-Domain Access
Vulnerability
BugTraq ID: 13970
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13970
Summary:
Opera Web Browser is prone to an issue that allows a violation of the
cross-domain security model.
This issue arises due to an access validation error affecting the
'XMLHttpRequest' object.
Successful exploitation may result in cookie theft, content
manipulation, information disclosure or other attacks.
Opera Web Browser version 8.0 is prone to this issue.
10. Ultimate PHP Board Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 13971
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13971
Summary:
Ultimate PHP Board is prone to multiple cross-site scripting
vulnerabilities. These issues are due to a failure in the application to
properly sanitize user-supplied input.
An attacker may leverage any of these issues to have arbitrary script
code executed in the browser of an unsuspecting user in the context of
the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
11. SquirrelMail Multiple Unspecified Cross-Site Scripting
Vulnerabilities
BugTraq ID: 13973
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13973
Summary:
SquirrelMail is affected by multiple unspecified cross-site scripting
vulnerabilities. These issues are due to a failure of the application
to properly sanitize user-supplied URI input.
These issues could permit a remote attacker to create a malicious URI
link that includes hostile HTML and script code. If this link were to be
followed, the hostile code may be rendered in the web browser of the
victim user. This would occur in the security context of the affected web
site and may allow for theft of cookie-based authentication credentials
or other attacks.
12. Ultimate PHP Board Weak Password Encryption Vulnerability
BugTraq ID: 13975
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13975
Summary:
Ultimate PHP Board is prone to a weak password encryption
vulnerability. This issue is due to a failure of the application to protect
passwords with a sufficiently effective encryption scheme.
This issue may allow a malicious user to gain access to user and
administrator passwords for the affected application.
13. SpamAssassin Malformed Email Header Remote Denial Of Service
Vulnerability
BugTraq ID: 13978
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial of service vulnerability. This
issue is due to a failure of the application to properly handle overly
long email headers.
Further details regarding this vulnerability are currently not
available. This BID will be updated as more information is disclosed.
An attacker may cause SpamAssassin to take inordinate amounts of time
to check a specially crafted email message. By sending many malicious
messages, it may be possible for attackers to cause extremely large
delays in email delivery, denying service to legitimate users.
14. SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
BugTraq ID: 13980
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13980
Summary:
SuSE Linux is affected by an unspecified vulnerability related to
S/MIME signing using gpg2. The cause and impact of this issue is currently
unknown.
Due to a lack of details, it cannot be confirmed whether this issue
poses a security threat or results in an adverse affect on the
functionality of the application. It is conjectured that this issue is remote in
nature.
SUSE Linux 9.3 is affected by this issue.
15. Yaws Remote Source Code Disclosure Vulnerability
BugTraq ID: 13981
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13981
Summary:
A vulnerability has been reported in Yaws that may result in the
disclosure of script files' source code.
Information obtained in this manner may be used by the attacker to
launch further attacks against a vulnerable system.
Yaws 1.55 and prior versions are affected.
16. XAMMP Lang.PHP HTML Injection Vulnerability
BugTraq ID: 13982
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13982
Summary:
XAMMP is prone to an HTML injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context
of the affected Web site, potentially allowing for theft of
cookie-based authentication credentials. An attacker could also exploit this issue
to control how the site is rendered to the user; other attacks are also
possible.
This issue is reported to affect the Linux distribution of XAMMP.
17. XAMMP Lang.PHP Directory Traversal Vulnerability
BugTraq ID: 13983
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13983
Summary:
XAMMP is prone to a directory traversal vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input.
A remote unauthorized user can disclose the contents of arbitrary local
PHP scripts through the use of directory traversal strings '../'.
Exploitation of this vulnerability could lead to a loss of confidentiality.
This issue is reported to affect the Linux distribution of XAMMP.
18. Vipul Razor-agents Multiple Unspecified Denial Of Service
Vulnerability
BugTraq ID: 13984
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul Razor-agents is prone to multiple unspecified denial of service
vulnerabilities. The following issues are reported:
The first denial of service vulnerability exists in the discovery logic
of Razor-agents.
The second issue exists in the preprocessing code of Razor-agents.
Both issues may be exploited to cause a denial of service for the
vulnerable application.
19. JBoss Malformed HTTP Request Remote Information Disclosure
Vulnerability
BugTraq ID: 13985
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13985
Summary:
JBoss is prone to a remote information disclosure vulnerability. The
issue exists in the 'org.jboss.web.WebServer' class and is due to a lack
of sufficient sanitization of user-supplied request data.
Information that is harvested through leveraging of this issue may be
used to aid in further attacks that are launched against the affected
service.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Black Hat
Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today.
Free of vendor pitches, the Briefings are designed to be pragmatic
regardless of your security environment. Featuring 29 hands-on training
courses and 10 conference tracks, networking opportunities with over 2,000
delegates from 30+ nations.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050621