Date: Tue, 06 Dec 2005 14:20:09 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #263
SecurityFocus Linux Newsletter #263
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and
network-based Intrusion Detection Systems, giving you a comprehensive view
of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------
I. FRONT AND CENTER
1. Evading NIDS, revisited
2. Regaining control
II. LINUX VULNERABILITY SUMMARY
1. Unalz Archive Filename Buffer Overflow Vulnerability
2. Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities
3. Linux Kernel PTraced Child Auto-Reap Local Denial of Service Vulnerability
4. Linux Kernel Time_Out_Leases PrintK Local Denial of Service Vulnerability
5. Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
6. Linux Kernel PTrace CLONE_THREAD Local Denial of Service Vulnerability
7. Drupal Image Upload HTML Injection Vulnerability
8. Astaro Security Linux ISAKMP IKE Traffic Denial of Service Vulnerability
9. Drupal View User Profile Authorization Bypass Vulnerability
10. Drupal Submitted Content HTML Injection Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Security, Distributed firewalling application...long ;-)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Evading NIDS, revisited
By Sumit Siddharth
This article looks at some of the most popular IDS evasion attack
techniques, based on fragmentation or using the TTL field. Snort's
configuration and response to these attacks will also be discussed.
http://www.securityfocus.com/infocus/1852
2. Regaining control
By Kelly Martin
Securing endpoint systems by locking them down using complex software
brings back memories of another era, where business computers were once
used for business applications only - and businesses retained control
over their assets and data.
http://www.securityfocus.com/columnists/372
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Unalz Archive Filename Buffer Overflow Vulnerability
BugTraq ID: 15577
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15577
Summary:
unalz is prone to a buffer overflow vulnerability. This issue is
exposed when the application extracts an ALZ archive that contains a file
with a long name.
This vulnerability could be exploited to execute arbitrary code in the
context of the user who extracts a malicious archive.
2. Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities
BugTraq ID: 15615
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15615
Summary:
Sun JRE is susceptible to various privilege escalation vulnerabilities.
These issues can allow remote Java applications to read/write local
files and execute arbitrary applications in the context of an affected
user.
Further details are not available at this time. This BID will be
updated as further information is disclosed.
3. Linux Kernel PTraced Child Auto-Reap Local Denial of Service Vulnerability
BugTraq ID: 15625
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15625
Summary:
The Linux kernel is susceptible to a local denial of service vulnerability.
The kernel improperly auto-reaps processes that are being ptraced, leaving
behind an invalid pointer; further operations on this pointer result in a
kernel crash.
This issue allows local users to crash the kernel, denying service to
legitimate users.
Kernel versions prior to 2.6.15 are vulnerable to this issue.
4. Linux Kernel Time_Out_Leases PrintK Local Denial of Service Vulnerability
BugTraq ID: 15627
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15627
Summary:
The Linux kernel is susceptible to a local denial of service vulnerability.
This issue is triggered by consuming excessive kernel log memory through the
acquisition of numerous file lock leases: once the leases time out, each
event is logged, and kernel memory is consumed.
This issue allows local attackers to consume excessive kernel memory,
eventually leading to an out-of-memory condition, and a denial of
service for legitimate users.
Kernel versions prior to 2.6.15-rc3 are vulnerable to this issue.
5. Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
BugTraq ID: 15629
Remote: Yes
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format string vulnerability. This issue is due
to a failure of the programming language to properly handle format
specifiers in formatted printing functions.
An attacker may leverage this issue to write to arbitrary process
memory, facilitating code execution in the context of the Perl interpreter
process. This can result in unauthorized remote access.
Developers should treat the formatted printing functions in Perl as
equivalently vulnerable to exploitation as the C library versions, and
properly sanitize all data passed in the format specifier argument.
All applications that utilize formatted printing functions in an unsafe
manner should be considered exploitable.
6. Linux Kernel PTrace CLONE_THREAD Local Denial of Service Vulnerability
BugTraq ID: 15642
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15642
Summary:
The Linux kernel is susceptible to a local denial of service vulnerability.
When a process created via the 'clone' system call with the 'CLONE_THREAD'
flag is ptraced, the kernel fails to properly ensure that the tracing
process is not attempting to trace itself.
This issue allows local users to crash the kernel, denying service to
legitimate users.
Kernel versions prior to 2.6.14.2 are vulnerable to this issue.
7. Drupal Image Upload HTML Injection Vulnerability
BugTraq ID: 15663
Remote: Yes
Date Published: 2005-12-01
Relevant URL: http://www.securityfocus.com/bid/15663
Summary:
Drupal is prone to an HTML injection vulnerability. This is due to a
lack of proper sanitization of user-supplied input before using it in
dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context
of the affected Web site, potentially allowing for theft of cookie-based
authentication credentials. An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also
possible.
This issue is only present when using the Microsoft Internet Explorer
Web browser.
8. Astaro Security Linux ISAKMP IKE Traffic Denial of Service Vulnerability
BugTraq ID: 15666
Remote: Yes
Date Published: 2005-11-30
Relevant URL: http://www.securityfocus.com/bid/15666
Summary:
Astaro Security Linux is prone to a denial of service when handling
malformed IKE traffic.
It is conjectured that the issue can occur if a packet with a malformed
payload is sent during an IKE exchange, causing the daemon to crash.
9. Drupal View User Profile Authorization Bypass Vulnerability
BugTraq ID: 15674
Remote: Yes
Date Published: 2005-12-01
Relevant URL: http://www.securityfocus.com/bid/15674
Summary:
Drupal is prone to an authorization bypass vulnerability. This issue
is due to an unspecified error when the application is running under
PHP5.
An attacker can exploit this vulnerability to bypass permissions and
gain access to user profiles; this may result in information disclosure.
10. Drupal Submitted Content HTML Injection Vulnerability
BugTraq ID: 15677
Remote: Yes
Date Published: 2005-12-01
Relevant URL: http://www.securityfocus.com/bid/15677
Summary:
Drupal is prone to an HTML injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied
input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context
of the affected Web site, potentially allowing for theft of cookie-based
authentication credentials. An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also
possible.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Security, Distributed firewalling application...long ;-)
http://www.securityfocus.com/archive/91/418029
V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and
network-based Intrusion Detection Systems, giving you a comprehensive view
of your computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130