Date: Tue, 28 Jun 2005 16:06:30 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #241
SecurityFocus Linux Newsletter #241
----------------------------------------
This Issue is Sponsored By: Black Hat
Attend the Black Hat Briefings & Training USA, July 23-28, 2005 in Las
Vegas. World renowned security experts reveal tomorrow's threats today.
Free of vendor pitches, the Briefings are designed to be pragmatic
regardless of your security environment. Featuring 29 hands-on training
courses and 10 conference tracks, networking opportunities with over 2,000
delegates from 30+ nations.
http://www.securityfocus.com/sponsor/BlackHat_sf-news_050628
------------------------------------------------------------------
I. FRONT AND CENTER
1. Where's the threat?
2. Software Firewalls: Made of Straw? Part 2 of 2
II. LINUX VULNERABILITY SUMMARY
1. Edgewall Software Trac Unauthorized File Upload/Download
Vulnerability
2. Todd Miller Sudo Local Race Condition Vulnerability
3. Novell NetMail Patch Packaging Insecure File Permissions
Vulnerability
4. Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command
Execution Vulnerability
5. Tor Arbitrary Memory Information Disclosure Vulnerability
6. RaXnet Cacti Multiple SQL Injection Vulnerabilities
7. RaXnet Cacti Config_Settings.PHP Remote File Include
Vulnerability
8. RaXnet Cacti Top_Graph_Header.PHP Remote File Include
Vulnerability
9. Asterisk Manager Interface Command Processing Remote Buffer
Overflow Vulnerability
10. Linux Kernel Unauthorized SCSI Command Vulnerability
11. Simple Machines Msg Parameter SQL Injection Vulnerability
12. Linux Kernel 64 Bit AR-RSC Register Access Validation
Vulnerability
13. Linux Kernel Subthread Exec Local Denial Of Service
Vulnerability
14. PHP-Nuke Avatar HTML Injection Vulnerability
15. IBM DB2 Universal Database Unspecified Authorization Bypass
Vulnerability
16. Clam Anti-Virus ClamAV Unspecified Quantum Decompressor
Denial Of Service Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Apache issue
I. FRONT AND CENTER
---------------------
1. Where's the threat?
By Matthew Tanase
I'm sure everyone remembers the story of Goldilocks and the three bears
http://www.securityfocus.com/columnists/335
2. Software Firewalls: Made of Straw? Part 2 of 2
By Israel G. Lugo, Don Parker
In part two we look at how easily the firewall's operation can be
circumvented by inserting a malicious Trojan into the network stack itself.
http://www.securityfocus.com/infocus/1840
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Edgewall Software Trac Unauthorized File Upload/Download
Vulnerability
BugTraq ID: 13990
Remote: Yes
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13990
Summary:
Trac is affected by an unauthorized file upload/download vulnerability.
This issue can lead to information disclosure and unauthorized remote
access as an attacker can place and execute malicious PHP scripts on an
affected computer.
Trac 0.8.3 and prior versions are affected by this issue.
2. Todd Miller Sudo Local Race Condition Vulnerability
BugTraq ID: 13993
Remote: No
Date Published: 2005-06-20
Relevant URL: http://www.securityfocus.com/bid/13993
Summary:
Sudo is prone to a local race condition vulnerability. The issue only
manifests under certain conditions, specifically, when the sudoers
configuration file contains a pseudo-command 'ALL' that directly follows a
user's sudoers entry.
When the aforementioned configuration exists, this issue may be
leveraged by local attackers to execute arbitrary executables with escalated
privileges. This may be accomplished by creating symbolic links to
target files.
3. Novell NetMail Patch Packaging Insecure File Permissions
Vulnerability
BugTraq ID: 14005
Remote: No
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14005
Summary:
Novell NetMail is susceptible to an insecure file permissions
vulnerability. This issue is due to a flaw in the patch packaging system used to
update NetMail. This vulnerability only presents itself on Linux
installations of NetMail.
This vulnerability allows local attackers to modify or replace NetMail
binaries. This will result in the compromise of the NetMail account.
Computers running versions 3.52A, 3.52B, or 3.52C on Linux are affected
by this issue.
4. Yukihiro Matsumoto Ruby XMLRPC Server Unspecified Command Execution
Vulnerability
BugTraq ID: 14016
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14016
Summary:
Ruby is affected by an unspecified command execution vulnerability.
Reportedly, this issue affects the XMLRPC server.
It may be possible for an attacker to gain unauthorized access to an
affected computer by exploiting this issue.
Ruby 1.8.2 is known to be vulnerable; however, other versions may be
affected as well.
5. Tor Arbitrary Memory Information Disclosure Vulnerability
BugTraq ID: 14024
Remote: Yes
Date Published: 2005-06-21
Relevant URL: http://www.securityfocus.com/bid/14024
Summary:
Tor is prone to an arbitrary memory information disclosure
vulnerability.
A remote attacker could exploit this vulnerability to gain sensitive
information, possibly private keys.
This issue is reported to affect Tor versions prior to 0.1.0.10.
6. RaXnet Cacti Multiple SQL Injection Vulnerabilities
BugTraq ID: 14027
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14027
Summary:
Cacti is prone to multiple SQL injection vulnerabilities.
These issues could permit remote attackers to pass malicious input to
database queries, resulting in modification of query logic or other
attacks.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation. An
attacker can obtain the administrative password by exploiting these issues.
Cacti versions prior to 0.8.6e are affected by these vulnerabilities.
7. RaXnet Cacti Config_Settings.PHP Remote File Include Vulnerability
BugTraq ID: 14028
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14028
Summary:
RaXnet Cacti is prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the
location of a remote attacker-specified script through the
'config_settings.php' script.
An attacker may leverage this issue to execute arbitrary server-side
script code on an affected computer with the privileges of the Web server
process. This may facilitate unauthorized access.
8. RaXnet Cacti Top_Graph_Header.PHP Remote File Include Vulnerability
BugTraq ID: 14030
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14030
Summary:
RaXnet Cacti is prone to a remote file include vulnerability.
The problem presents itself specifically when an attacker passes the
location of a remote attacker-specified script through the
'top_graph_header.php' script.
An attacker may leverage this issue to execute arbitrary server-side
script code on an affected computer with the privileges of the Web server
process. This may facilitate unauthorized access.
9. Asterisk Manager Interface Command Processing Remote Buffer Overflow
Vulnerability
BugTraq ID: 14031
Remote: Yes
Date Published: 2005-06-22
Relevant URL: http://www.securityfocus.com/bid/14031
Summary:
Asterisk manager interface is prone to a remote buffer overflow
vulnerability. The issue manifests due to a lack of sufficient boundary checks
performed by command line interface processing routines. Reports
indicate that the issue may only be exploited if the manager interface is
accessible and an attacker is able to write commands to the interface.
Under certain circumstances a remote attacker may exploit this issue to
execute arbitrary code in the context of the affected software.
10. Linux Kernel Unauthorized SCSI Command Vulnerability
BugTraq ID: 14040
Remote: No
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14040
Summary:
Linux kernel is reported susceptible to an unauthorized SCSI command
vulnerability.
Commands sent to a SCSI device may render the device's state
inconsistent or change the drive parameters so that other users find the drive to
be unusable.
It is possible that this issue is related to BID 11784 (SuSE Linux
Kernel Unauthorized SCSI Command Vulnerability). This is not confirmed at
the moment; however, this BID will be updated or the two BIDs will be
combined into one when further analysis is completed.
11. Simple Machines Msg Parameter SQL Injection Vulnerability
BugTraq ID: 14043
Remote: Yes
Date Published: 2005-06-23
Relevant URL: http://www.securityfocus.com/bid/14043
Summary:
Simple Machines is prone to an SQL injection vulnerability. This issue
is due to a failure in the application to properly sanitize
user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
This issue is reported to affect Simple Machines version 1.0.4; earlier
versions may also be vulnerable.
12. Linux Kernel 64 Bit AR-RSC Register Access Validation Vulnerability
BugTraq ID: 14051
Remote: No
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14051
Summary:
The Linux Kernel for 64 Bit architectures is prone to an access
validation vulnerability. The issue manifests due to a failure to restrict
access to the 'ar.rsc' register (register stack engine control register)
by the 'restore_sigcontext' function.
Immediate consequences of exploitation would likely be a denial of
service; other attacks are also possible.
13. Linux Kernel Subthread Exec Local Denial Of Service Vulnerability
BugTraq ID: 14054
Remote: No
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14054
Summary:
The Linux kernel is prone to a local denial of service vulnerability.
The issue manifests when a call to exec is made for a subthread that has
a timer pending.
A local attacker may exploit this issue to crash the kernel, effectively
denying service for legitimate users.
14. PHP-Nuke Avatar HTML Injection Vulnerability
BugTraq ID: 14056
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14056
Summary:
PHP-Nuke is prone to an HTML injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context
of the affected Web site, potentially allowing for theft of
cookie-based authentication credentials. An attacker could also exploit this issue
to control how the site is rendered to the user; other attacks are also
possible.
This issue is reported to affect all versions of PHP-Nuke up to version
7.7; this has not been confirmed.
15. IBM DB2 Universal Database Unspecified Authorization Bypass
Vulnerability
BugTraq ID: 14057
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14057
Summary:
IBM DB2 Universal Database is susceptible to an authorization bypass
vulnerability. This issue is due to a failure of the application to
properly enforce authorization restrictions for database users.
Users with SELECT privileges on a database may bypass authorization
checks to execute INSERT, UPDATE, or DELETE statements. Further details
are not available at this time. This BID will be updated as more
information is disclosed.
This vulnerability allows attackers to modify or destroy data without
having proper authorization to do so.
16. Clam Anti-Virus ClamAV Unspecified Quantum Decompressor Denial Of
Service Vulnerability
BugTraq ID: 14058
Remote: Yes
Date Published: 2005-06-24
Relevant URL: http://www.securityfocus.com/bid/14058
Summary:
ClamAV is prone to a denial of service vulnerability. The issue
manifests in the Quantum decompressor; the exact cause of this issue is not
known.
It is conjectured that a remote attacker may exploit this condition
using a malicious file to crash a target ClamAV server.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Apache issue
http://www.securityfocus.com/archive/91/403019