Date: Tue, 30 Aug 2005 16:48:25 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #249
SecurityFocus Linux Newsletter #249
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------
I. FRONT AND CENTER
1. The great firewall of China
II. LINUX VULNERABILITY SUMMARY
1. Elm Expires Header Remote Buffer Overflow Vulnerability
2. PCRE Regular Expression Heap Overflow Vulnerability
3. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
4. SLocate Local Database Corruption Vulnerability
5. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
6. PADL Software PAM_LDAP Authentication Bypass Vulnerability
7. PAFileDB Auth.PHP SQL Injection Vulnerability
8. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
9. Apache CGI Byterange Request Denial of Service Vulnerability
10. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
11. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
12. Simpleproxy Remote Syslog() Format String Vulnerability
13. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. POC /dev/input/event* keylogger
2. Cracking bigcrypt/crypt16 password hashes
3. Re[2]: Linux hardening
4. Xvfb Question
5. linux password cracking tools
6. Linux hardening
7. one time passwords
8. SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server
9. OPIE
10. Content Filtering Firewall in Linux..
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. The great firewall of China
By Scott Granneman
When a barrage of attacks and hacking attempts come from IP addresses
traced back to China, and you don't do any business in China, do you
block their entire IP address range and call it a day?
http://www.securityfocus.com/columnists/350
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Elm Expires Header Remote Buffer Overflow Vulnerability
BugTraq ID: 14613
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14613
Summary:
Elm is prone to a buffer overflow vulnerability that could allow an
attacker to execute malicious code. This issue is due to a failure in
the application to perform proper bounds checking on user-supplied data.
A successful attack can overflow a fixed-size buffer and may ultimately
lead to arbitrary code execution in the context of the affected
application.
2. PCRE Regular Expression Heap Overflow Vulnerability
BugTraq ID: 14620
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14620
Summary:
PCRE is prone to a heap overflow vulnerability. This issue is due to a
failure of the library to properly bounds check user-supplied input
prior to copying data to an internal memory buffer.
The impact of successful exploitation of this vulnerability depends on
the application and the user credentials utilizing the vulnerable
library. A successful attack may ultimately permit an attacker to control
the contents of critical memory control structures and write arbitrary
data to arbitrary memory locations.
3. LM_sensors PWMConfig Insecure Temporary File Creation Vulnerability
BugTraq ID: 14624
Remote: No
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14624
Summary:
lm_sensors creates temporary files in an insecure manner. The issue
exists in the 'pwmconfig' script.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other attacks
may be possible as well.
lm_sensors version 2.9.1 is reportedly affected; however, other
versions may be vulnerable as well.
4. SLocate Local Database Corruption Vulnerability
BugTraq ID: 14640
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14640
Summary:
slocate is susceptible to a local database corruption vulnerability.
This issue is due to a failure of the application to handle unexpected
directory and filename input.
This issue presents itself when the affected utility attempts to index
specially crafted directory structures. The utility fails to handle the
directory structure, and fails to complete the indexing process.
This vulnerability allows local attackers to cause the premature
failure of the index process, resulting in an incomplete database. If the
database is used in further security, backup, or other critical functions,
incomplete data may result in the failure of services dependent on it.
This issue is reported in version 2.7 of slocate, but other versions
may also be affected.
5. HAURI Anti-Virus ACE Archive Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 14647
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14647
Summary:
HAURI Anti-Virus is affected by a remote buffer overflow vulnerability
when handling ACE archives.
An attacker can exploit this issue by crafting a malicious ACE archive
containing a specially crafted file name and sending this archive to a
vulnerable computer.
The attacker may exploit this vulnerability to gain unauthorized remote
access in the context of the superuser.
6. PADL Software PAM_LDAP Authentication Bypass Vulnerability
BugTraq ID: 14649
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14649
Summary:
PAM_LDAP is prone to an authentication bypass vulnerability when
handling the new password policy control. This could allow an
unauthorized user to bypass authentication.
This vulnerability was reported to affect PAM_LDAP builds 169 through
179.
7. PAFileDB Auth.PHP SQL Injection Vulnerability
BugTraq ID: 14654
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14654
Summary:
paFileDB is prone to an SQL injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Exploitation of this issue may allow for compromise of the software,
session hijacking, or attacks against the underlying database. Other
attacks are also possible.
8. Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
BugTraq ID: 14659
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14659
Summary:
Tor is susceptible to a remote information disclosure vulnerability.
This issue is due to a flaw in the implementation of the Diffie-Hellman
key exchange protocol.
Specifically, certain values used during the Diffie-Hellman key
exchange protocol are insecure, and when used, lead to the ability of
attackers to access the negotiated encryption keys.
This vulnerability allows attackers to gain access to the negotiated
keys used to encrypt the communications between Tor servers and clients.
This allows attackers to read or modify all the traffic that is sent
from the targeted user over the Tor network. The anonymity,
confidentiality, and integrity guarantees of the network are lost through the
exploitation of this issue.
9. Apache CGI Byterange Request Denial of Service Vulnerability
BugTraq ID: 14660
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14660
Summary:
Apache is prone to a denial of service when handling large CGI
byterange requests.
10. Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
BugTraq ID: 14661
Remote: No
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14661
Summary:
A local denial of service vulnerability affects the Linux kernel's ELF
header processing functionality on 64 bit x86 platforms.
A successful attack can allow a local attacker to trigger a denial of
service condition in the kernel.
This issue may be related to BID 11846 (Linux Kernel 64 Bit ELF Header
Local Denial Of Service Vulnerability). Due to a lack of information,
this cannot be confirmed at the moment. This BID will be retired if
further analysis reveals that the issues are identical.
11. Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
BugTraq ID: 14665
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14665
Summary:
Astaro Security Linux is prone to a weakness that may allow remote
attackers to connect to arbitrary ports on a vulnerable computer.
This weakness may be combined with other attacks to exploit latent
vulnerabilities. An attacker can bypass access controls implemented by the
application through this attack.
Astaro Security Linux 6.001 is prone to this weakness.
12. Simpleproxy Remote Syslog() Format String Vulnerability
BugTraq ID: 14666
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14666
Summary:
It is reported that simpleproxy contains a format string vulnerability.
This issue is due to a failure of the application to properly sanitize
user-supplied input before using it as the format specifier in a
formatted printing function.
Successful exploitation of this issue will allow an attacker to execute
arbitrary code on the affected computer with the privileges of the
affected package. This application may be run as the superuser in order to
proxy privileged TCP ports.
Versions of simpleproxy prior to 3.4 are reported susceptible to this
vulnerability.
13. Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
BugTraq ID: 14672
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14672
Summary:
Nokia Affix BTSRV is affected by a remote command execution
vulnerability.
An attacker can supply arbitrary commands through a device name and
have them executed in the context of the service. This can lead to a
complete compromise.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. POC /dev/input/event* keylogger
http://www.securityfocus.com/archive/91/409017
2. Cracking bigcrypt/crypt16 password hashes
http://www.securityfocus.com/archive/91/409016
3. Re[2]: Linux hardening
http://www.securityfocus.com/archive/91/409012
4. Xvfb Question
http://www.securityfocus.com/archive/91/409023
5. linux password cracking tools
http://www.securityfocus.com/archive/91/408915
6. Linux hardening
http://www.securityfocus.com/archive/91/408758
7. one time passwords
http://www.securityfocus.com/archive/91/408796
8. SMB : TCP/445 impossible to sniff a document sent to be printed to a MS Spooler Server
http://www.securityfocus.com/archive/91/408574
9. OPIE
http://www.securityfocus.com/archive/91/408479
10. Content Filtering Firewall in Linux..
http://www.securityfocus.com/archive/91/408476
If your email address has changed, email listadmin@securityfocus.com and
ask to be manually removed.
V. SPONSOR INFORMATION
------------------------