Date: Wed, 23 Nov 2005 16:19:13 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #261
SecurityFocus Linux Newsletter #261
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight
Analyzer is a free service that gives you the ability to track and
manage attacks. Analyzer automatically correlates attacks from various
Firewall and network based Intrusion Detection Systems, giving you a
comprehensive view of your computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Sony-baloney
II.  LINUX VULNERABILITY SUMMARY
       1. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
       2. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
       3. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
       4. PHPsysInfo Multiple Input Validation Vulnerabilities
       5. Openswan IKE Traffic Denial Of Service Vulnerabilities
       6. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
       7. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
       8. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
       9. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
       10. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
       11. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. Kryptor for Linux released
       2. Automatic Password Generator Tools on Unix Platform
       3. SF new column announcement: Linux worm overrated
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Sony-baloney
By Scott Granneman
The Sony story brings up dozens of questions about where we are headed 
with DRM issues and security, and what's really at stake.
http://www.securityfocus.com/columnists/370


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Horde Unspecified Error Message Cross-Site Scripting Vulnerability
BugTraq ID: 15409
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15409
Summary:
Horde is prone to an unspecified cross-site scripting vulnerability.  
This issue is related to how Horde renders error messages.

Successful exploitation could let an attacker inject hostile HTML and 
script code into the browser session of another user in the context of 
the site hosting Horde.  This could allow for theft of cookie-based 
authentication credentials or other attacks.

2. PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
BugTraq ID: 15411
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15411
Summary:
PHP cURL and GD are prone to multiple safe_mode and open_basedir 
restriction bypass vulnerabilities.  Successful exploitation could lead to 
disclosure of sensitive information.

This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other 
versions may also be vulnerable.

3. PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
BugTraq ID: 15413
Remote: No
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15413
Summary:
PHP on Apache 2 is prone to a restriction bypass vulnerability when 
calling 'virtual()'.  Successful exploitation could lead to disclosure of 
sensitive information.

This issue is reported to affect PHP versions 4.4.0 and 5.0.5; other 
versions may also be vulnerable.


4. PHPsysInfo Multiple Input Validation Vulnerabilities
BugTraq ID: 15414
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15414
Summary:
phpSysinfo is prone to multiple input validation vulnerabilities. These 
are due to a lack of proper sanitization of user-supplied input.

phpSysinfo is prone to a local file include vulnerability, an HTTP 
response splitting vulnerability, and cross-site scripting attacks.

An attacker may exploit these vulnerabilities to access files within 
the context of the Web server application, poison Web proxy server 
caches, and execute arbitrary HTML and script code within the context of the 
victim's Web browser.

Other attacks are also possible.

It should be noted that the cross-site scripting issues are not 
exploitable on Debian systems.


5. Openswan IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15416
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15416
Summary:
Openswan is prone to multiple denial of service vulnerabilities in 
its ISAKMP implementation.

These issues were discovered with the PROTOS ISAKMP Test Suite and are 
related to handling of malformed IKEv1 traffic.

The vulnerabilities are believed to affect Openswan 2.x releases prior 
to 2.4.2.


6. PNMToPNG Alphas_Of_Color Buffer Overflow Vulnerability
BugTraq ID: 15427
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15427
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue 
is due to a failure of the application to properly bounds check 
user-supplied data prior to copying it to an insufficiently sized memory 
buffer. This issue reportedly only occurs when the '-alpha' command line 
option is utilized.

This issue allows attackers to create malicious PNM files that, when 
parsed by the affected utility, allow arbitrary machine code to be 
executed. This occurs in the context of the user running the affected 
utility.

7. GDK-Pixbuf XPM Images Integer Overflow Vulnerability
BugTraq ID: 15428
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15428
Summary:
A remote integer overflow vulnerability affects gdk-pixbuf.

When an application that uses the vulnerable library processes a 
malformed XPM file, the application will crash, denying service to legitimate 
users.  It may also be possible for the attacker to exploit this issue 
to execute arbitrary code with the privileges of the application 
utilizing the vulnerable library.

8. GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
BugTraq ID: 15429
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15429
Summary:
gdk-pixbuf and gtk2 are prone to a denial of service vulnerability.  
This issue occurs when an application utilizing one of the affected 
libraries handles a malformed XPM image file.  

Exploitation could cause an application utilizing a vulnerable library 
to enter an infinite loop, resulting in a denial of service.

9. GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
BugTraq ID: 15435
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15435
Summary:
gdk-pixbuf and gtk2 are prone to a buffer overflow vulnerability.

When an application that utilizes a vulnerable library processes a 
malformed XPM image file, it results in a heap-based buffer overflow.  An 
attacker can exploit this vulnerability to execute arbitrary code in the 
context of the victim user.

10. Opera Web Browser HTML Form Status Bar Misrepresentation Vulnerability
BugTraq ID: 15472
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15472
Summary:
A vulnerability has been identified in Opera Web browser that allows an 
attacker to misrepresent the status bar in the browser, allowing 
vulnerable users to be misled into following a link to a malicious site.

This vulnerability would most likely be exploited through HTML e-mail, 
though other attack vectors exist such as HTML injection attacks in 
third-party Web applications.

11. GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
BugTraq ID: 15496
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15496
Summary:
GNU gnump3d is prone to a directory traversal vulnerability.

Very little information is available on this issue.  It is conjectured 
that an attacker can exploit this vulnerability to retrieve or corrupt 
arbitrary files; this may aid in further attacks against the underlying 
system.  Other attacks are also possible.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Kryptor for Linux released
http://www.securityfocus.com/archive/91/417236

2. Automatic Password Generator Tools on Unix Platform
http://www.securityfocus.com/archive/91/417235

3. SF new column announcement: Linux worm overrated
http://www.securityfocus.com/archive/91/416253
