Date: Tue, 10 Jan 2006 16:44:31 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #268
SecurityFocus Linux Newsletter #268
----------------------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: Learn to Think Like a Hacker - Simulate a Hacker Breaking into
Your Web Apps
The speed with which Web Applications are developed makes them prime
targets for attackers; often these applications were developed so quickly
that they are not coded properly or subjected to any security testing.
Hackers know this and use it as their weapon. Download this *FREE* test
guide from SPI Dynamics to check for Web application vulnerabilities.
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003P6V
------------------------------------------------------------------
I. FRONT AND CENTER
1. Zero-day holiday
II. LINUX VULNERABILITY SUMMARY
1. MTink Home Environment Variable Buffer Overflow Vulnerability
2. Drupal URL-Encoded Input HTML Injection Vulnerability
3. File::ExtAttr Extended File Attribute Off-By-One Buffer
Overflow Vulnerability
4. Gentoo Pinentry Local Privilege Escalation Vulnerability
5. Linux Kernel SET_MEMPOLICY Local Denial of Service
Vulnerability
6. Linux Kernel FIB_LOOKUP Denial of Service Vulnerability
7. Linux Kernel Sysctl_String Local Buffer Overflow
Vulnerability
8. Linux Kernel DVB Driver Local Buffer Overflow Vulnerability
9. KPdf and KWord Multiple Unspecified Buffer and Integer
Overflow Vulnerabilities
10. HylaFAX Remote PAM Authentication Bypass Vulnerability
11. Hylafax Multiple Scripts Remote Command Execution
Vulnerability
12. Apache mod_auth_pgsql Multiple Format String Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Hide internal address (Postfix)
2. IPS project - wanted translators
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Zero-day holiday
By Kelly Martin
A few hundred million Windows XP machines lay vulnerable on the Web
today, a week after a zero-day exploit was discovered. Meanwhile, new
approaches and ideas from the academic world - that focus exclusively on
children - may give us hope for the future after all.
http://www.securityfocus.com/columnists/377
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. MTink Home Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 16095
Remote: No
Date Published: 2005-12-31
Relevant URL: http://www.securityfocus.com/bid/16095
Summary:
A buffer overflow vulnerability affects MTink. This vulnerability may
permit local attackers to execute arbitrary code with superuser
privileges.
2. Drupal URL-Encoded Input HTML Injection Vulnerability
BugTraq ID: 16117
Remote: Yes
Date Published: 2006-01-01
Relevant URL: http://www.securityfocus.com/bid/16117
Summary:
Drupal is prone to an HTML injection vulnerability when handling
URL-encoded HTML and script code in message content. This issue is due to a
failure in the application to properly sanitize user-supplied input
before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context
of the affected Web site, potentially allowing for theft of
cookie-based authentication credentials. An attacker could also exploit this issue
to control how the site is rendered to the user; other attacks are also
possible.
3. File::ExtAttr Extended File Attribute Off-By-One Buffer Overflow
Vulnerability
BugTraq ID: 16118
Remote: No
Date Published: 2006-01-02
Relevant URL: http://www.securityfocus.com/bid/16118
Summary:
File::ExtAttr is prone to an off-by-one buffer overflow vulnerability.
This issue may occur when the module is used to read extended file
attributes of untrusted files.
Exploitation of the issue could potentially result in a denial of
service in the module or may allow for execution of arbitrary code.
4. Gentoo Pinentry Local Privilege Escalation Vulnerability
BugTraq ID: 16120
Remote: No
Date Published: 2006-01-03
Relevant URL: http://www.securityfocus.com/bid/16120
Summary:
pinentry is prone to a local privilege escalation vulnerability.
Successful exploitation can allow a pinentry user to read or write
arbitrary files with the privileges of group ID 0.
5. Linux Kernel SET_MEMPOLICY Local Denial of Service Vulnerability
BugTraq ID: 16135
Remote: No
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16135
Summary:
Linux kernel is prone to a local denial of service vulnerability.
This issue affects the 'set_mempolicy' function of the 'mm/mempolicy.c'
file.
Successful exploitation causes the kernel to crash, leading to a denial
of service condition.
6. Linux Kernel FIB_LOOKUP Denial of Service Vulnerability
BugTraq ID: 16139
Remote: Yes
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16139
Summary:
Linux kernel is prone to a denial of service vulnerability.
This issue arises when the kernel handles specially crafted fib_lookup
netlink messages.
Successful exploitation may allow remote attackers to trigger a denial
of service condition. Local exploitation may be possible as well.
7. Linux Kernel Sysctl_String Local Buffer Overflow Vulnerability
BugTraq ID: 16141
Remote: No
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16141
Summary:
Linux kernel is prone to a local buffer overflow vulnerability. This
issue is due to an off-by-one error in the sysctl subsystem.
A successful attack may result in a denial of service condition or
possibly arbitrary code execution in the context of the local kernel.
Linux kernel versions prior to 2.6.15 in the 2.6 series are considered
vulnerable to this issue.
8. Linux Kernel DVB Driver Local Buffer Overflow Vulnerability
BugTraq ID: 16142
Remote: No
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16142
Summary:
Linux kernel is prone to a local buffer overflow vulnerability. This
issue is due to a flaw in the DVB (Digital Video Broadcasting) driver
subsystem. This issue is only exploitable on computers with the affected
DVB module compiled, enabled, and accessible to local malicious users.
A successful attack may result in a denial of service condition or
possibly arbitrary code execution in the context of the local kernel.
Linux kernel versions prior to 2.6.15 in the 2.6 series are considered
vulnerable to this issue.
9. KPdf and KWord Multiple Unspecified Buffer and Integer Overflow
Vulnerabilities
BugTraq ID: 16143
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16143
Summary:
KPdf and KWord are prone to multiple buffer and integer overflows.
Successful exploitation could result in arbitrary code execution in the
context of the user running the vulnerable application.
Specific details of these issues are not currently available. This
record will be updated when more information becomes available.
kdegraphics and KPdf versions 3.4.3 and earlier and KOffice and KWord
versions 1.4.2 and earlier are vulnerable.
10. HylaFAX Remote PAM Authentication Bypass Vulnerability
BugTraq ID: 16150
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16150
Summary:
The HylaFAX daemon is reported prone to a vulnerability that could
allow unauthorized access to the HylaFAX service. It is reported that the
issue presents itself due to a flaw in its PAM (Pluggable Authentication
Modules) usage.
A remote attacker may exploit this vulnerability to gain unauthorized
access to the affected service.
11. Hylafax Multiple Scripts Remote Command Execution Vulnerability
BugTraq ID: 16151
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16151
Summary:
Hylafax is prone to multiple arbitrary command execution
vulnerabilities. These issues are due to a failure in the application to properly
sanitize user-supplied input.
These vulnerabilities allow an attacker to execute arbitrary commands
in the context of the affected application. Successful exploitation may
facilitate a compromise of the underlying system.
12. Apache mod_auth_pgsql Multiple Format String Vulnerabilities
BugTraq ID: 16153
Remote: Yes
Date Published: 2006-01-06
Relevant URL: http://www.securityfocus.com/bid/16153
Summary:
mod_auth_pgsql is prone to multiple format string vulnerabilities.
These issues are due to a failure of the application to properly sanitize
user-supplied input prior to including it in the format-specification
argument of formatted printing functions.
These issues could allow remote attackers to execute arbitrary code in
the context of the Web server user and gain unauthorized access.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Hide internal address (Postfix)
http://www.securityfocus.com/archive/91/421374
2. IPS project - wanted translators
http://www.securityfocus.com/archive/91/421243