Date: Tue, 27 Dec 2005 15:53:06 -0700
From: "Conrad Schilbe" <cschilbe@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #266
SecurityFocus Linux Newsletter #266
----------------------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!
http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
------------------------------------------------------------------
I. FRONT AND CENTER
1. Tracked by cellphone
II. LINUX VULNERABILITY SUMMARY
1. Dropbear SSH Server Remote Buffer Overflow Vulnerability
2. ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities
3. Extensis Portfolio Netpublish Server Server.NP Directory Traversal Vulnerability
4. Blender BlenLoader File Processing Integer Overflow Vulnerability
5. RedHat Enterprise Linux UDEV Insecure Permissions Vulnerability
6. VMWare Remote Arbitrary Code Execution Vulnerability
7. Network Block Device Server Buffer Overflow Vulnerability
8. Httprint HTTP Response Handling Multiple Vulnerabilities
9. Linux Kernel Local Socket Buffer Memory Exhaustion Denial of Service Vulnerability
10. Linux Kernel IP6_Input_Finish Remote Denial Of Service Vulnerability
11. Linux Kernel ICMP_Push_Reply Remote Denial Of Service Vulnerability
12. Mantis Multiple Unspecified Remote Vulnerabilities
13. RSSH RSSH_CHROOT_HELPER Local Privilege Escalation Vulnerability
14. SCPOnly Multiple Local Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Obsidis n°1 released!
2. SF new article announcement: OpenSSH cutting edge
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Tracked by cellphone
By Mark Rasch
We know that technology can be used to track people's location via a
cellphone, but how difficult is it for law enforcement to get a court
order and do this legally?
http://www.securityfocus.com/columnists/376
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Dropbear SSH Server Remote Buffer Overflow Vulnerability
BugTraq ID: 15923
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15923
Summary:
Dropbear SSH Server is prone to a remote buffer overflow vulnerability.
Specifically, the vulnerability presents itself when the application
handles excessive string data supplied by an authenticated user.
A successful attack may facilitate arbitrary code execution.
Exploitation of this vulnerability may allow an attacker to gain superuser access
to the computer.
Dropbear SSH Server versions prior to 0.47 are affected.
2. ELOG Web Logbook Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15932
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15932
Summary:
ELOG Web Logbook is prone to two remote buffer overflow
vulnerabilities. These issues exist due to a lack of sufficient boundary checks
performed on user-supplied data.
These issues allow remote attackers to execute arbitrary machine code
in the context of the vulnerable server process.
These issues affect version 2.6.0. Prior versions may also be affected.
3. Extensis Portfolio Netpublish Server Server.NP Directory Traversal Vulnerability
BugTraq ID: 15974
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15974
Summary:
Portfolio Netpublish Server is prone to a directory traversal
vulnerability. This issue is due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit this issue to retrieve arbitrary files in the
context of the affected application. Information obtained may aid in
further attacks against the underlying system; other attacks are also
possible.
Netpublish Server 7 is vulnerable; other versions may also be affected.
4. Blender BlenLoader File Processing Integer Overflow Vulnerability
BugTraq ID: 15981
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15981
Summary:
Blender is susceptible to an integer overflow vulnerability. This issue
is due to a failure of the application to properly sanitize
user-supplied input prior to using it in a memory allocation and copy operation.
This issue allows attackers to execute arbitrary machine code in the
context of the user running the affected application.
5. RedHat Enterprise Linux UDEV Insecure Permissions Vulnerability
BugTraq ID: 15994
Remote: No
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15994
Summary:
RedHat Enterprise Linux is susceptible to an insecure permissions
vulnerability. This issue is due to a flaw in the udev package that
improperly creates '/dev/input' files.
This issue allows local attackers to improperly access files in
'/dev/input'. This allows them to sniff user-supplied keyboard and mouse
input. Information gathered through this issue, such as passwords, will aid
malicious users in further attacks.
6. VMWare Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 15998
Remote: Yes
Date Published: 2005-12-21
Relevant URL: http://www.securityfocus.com/bid/15998
Summary:
Multiple VMWare products are affected by a remote arbitrary code
execution vulnerability.
Successful exploitation can allow an attacker to execute arbitrary code
on the vulnerable computer hosting VMWare. This may result in a
complete compromise.
This issue affects VMWare Workstation, VMWare GSX Server, VMWare ACE,
and VMWare Player.
7. Network Block Device Server Buffer Overflow Vulnerability
BugTraq ID: 16029
Remote: Yes
Date Published: 2005-12-21
Relevant URL: http://www.securityfocus.com/bid/16029
Summary:
NBD is prone to a remote buffer overflow vulnerability. This issue is
due to a failure in the server to perform proper bounds checking on
user-supplied data before using it in finite-sized buffers.
An attacker can exploit this issue to execute arbitrary code in the
context of the affected application. This may facilitate a compromise of
the underlying system.
8. Httprint HTTP Response Handling Multiple Vulnerabilities
BugTraq ID: 16031
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16031
Summary:
httprint is prone to multiple remote vulnerabilities.
The first issue may allow remote attackers to execute arbitrary HTML
and script code in a user's browser.
The second issue may allow remote attackers to crash an instance of the
application.
httprint version 202 is vulnerable to these issues.
9. Linux Kernel Local Socket Buffer Memory Exhaustion Denial of Service Vulnerability
BugTraq ID: 16041
Remote: No
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16041
Summary:
Linux kernel is susceptible to a local denial of service vulnerability.
This issue is due to a failure of the kernel to properly check and
enforce memory resource constraints.
This issue is triggered by consuming excessive kernel memory by
creating multiple sockets with large kernel buffers.
This issue allows local attackers to consume excessive kernel memory,
eventually leading to an out-of-memory condition, and a denial of
service for legitimate users.
Although only kernel versions 2.4.22 and 2.6.12 are reported
vulnerable to this issue, all 2.4 and 2.6 versions of the Linux kernel are
considered to be affected at this time.
10. Linux Kernel IP6_Input_Finish Remote Denial Of Service Vulnerability
BugTraq ID: 16043
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16043
Summary:
Linux kernel is prone to a remote denial of service vulnerability.
Remote attackers can exploit this to leak kernel memory. Successful
exploitation will result in a crash of the kernel, effectively denying
service to legitimate users.
Linux kernel versions 2.6.12.5 and prior in the 2.6 series are
vulnerable to this issue.
11. Linux Kernel ICMP_Push_Reply Remote Denial Of Service Vulnerability
BugTraq ID: 16044
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16044
Summary:
Linux kernel is prone to a remote denial of service vulnerability.
Remote attackers can exploit this to leak kernel memory. Successful
exploitation will result in a crash of the kernel, effectively denying
service to legitimate users.
Linux kernel versions 2.6.12.5 and prior in the 2.6 series are
vulnerable to this issue.
12. Mantis Multiple Unspecified Remote Vulnerabilities
BugTraq ID: 16046
Remote: Yes
Date Published: 2005-12-22
Relevant URL: http://www.securityfocus.com/bid/16046
Summary:
Mantis is prone to multiple remote vulnerabilities.
These issues arise in Mantis versions prior to 0.19.4 and 1.0.0rc4.
These issues can allow attackers to disclose sensitive information and
carry out cross-site scripting, HTML injection, and SQL injection attacks.
Arbitrary PHP script code execution may be possible, as well as other
attacks.
This BID will be updated or split into individual records as further
information is disclosed.
13. RSSH RSSH_CHROOT_HELPER Local Privilege Escalation Vulnerability
BugTraq ID: 16050
Remote: No
Date Published: 2005-12-23
Relevant URL: http://www.securityfocus.com/bid/16050
Summary:
rssh is prone to a local privilege escalation vulnerability.
Local attackers can gain superuser privileges because the application
allows the chroot location to be subverted, giving them the ability to
chroot to arbitrary locations.
rssh versions 2.0.0 to 2.2.3 are vulnerable to this issue.
14. SCPOnly Multiple Local Vulnerabilities
BugTraq ID: 16051
Remote: No
Date Published: 2005-12-23
Relevant URL: http://www.securityfocus.com/bid/16051
Summary:
scponly is prone to multiple local vulnerabilities. These issues can
allow local attackers to gain elevated privileges.
The application is affected by a design error affecting the 'scponlyc'
binary.
An attacker can also issue malicious command line arguments to rsync or
scp to execute arbitrary applications with elevated privileges.
Successful exploitation of these issues can facilitate a complete
compromise.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Obsidis n°1 released!
http://www.securityfocus.com/archive/91/420151
2. SF new article announcement: OpenSSH cutting edge
http://www.securityfocus.com/archive/91/419888