Date: Tue, 17 Jan 2006 12:59:42 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #269
SecurityFocus Linux Newsletter #269
----------------------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: Learn to Think Like a Hacker - Simulate a Hacker Breaking into
Your Web Apps
The speed with which Web Applications are developed makes them prime
targets for attackers; often these applications were developed so quickly
that they are not coded properly or subjected to any security testing.
Hackers know this and use it as their weapon. Download this *FREE* test
guide from SPI Dynamics to check for Web application vulnerabilities.
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003P6V
------------------------------------------------------------------
I. FRONT AND CENTER
1. Wiretapping, FISA, and the NSA
2. Sebek 3: tracking the attackers, part one
II. LINUX VULNERABILITY SUMMARY
1. BSD SecureLevel Time Setting Security Restriction Bypass
Vulnerability
2. Bogofilter Multiple Remote Buffer Overflow Vulnerabilities
3. Dave Carrigan Auth_LDAP Remote Format String Vulnerability
4. Sudo Python Environment Variable Handling Security Bypass
Vulnerability
5. Stefan Frings SMS Server Tools Local Format String
Vulnerability
6. Petris Local Buffer Overflow Vulnerability
7. Clam Anti-Virus ClamAV UPX Compressed File Heap Buffer
Overflow Vulnerability
8. PostgreSQL Postmaster Denial Of Service Vulnerability
9. XMame Multiple Local Command Line Argument Buffer Overflow
Vulnerabilities
III. LINUX FOCUS LIST SUMMARY
1. Sendmail/Blacklists rejecting authenticated users
2. Hide internal address (Postfix)
3. IPS project - wanted translators
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Wiretapping, FISA, and the NSA
By Mark Rasch
U.S. wiretapping laws, FISA and Presidential powers given to the NSA to
intercept communications make for interesting times when coupled with
technology. What are the issues surrounding privacy, search, seizure and
surveillance?
http://www.securityfocus.com/columnists/379
2. Sebek 3: tracking the attackers, part one
By Raul Siles, GSE
The first of this two-part series will discuss what Sebek is and what
makes it so interesting, first by looking at the new capabilities of
version 3 and how it integrates with GenIII Honeynet infrastructures.
http://www.securityfocus.com/infocus/1855
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. BSD SecureLevel Time Setting Security Restriction Bypass
Vulnerability
BugTraq ID: 16170
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16170
Summary:
BSD securelevels are susceptible to a security restriction bypass
vulnerability that allows local attackers to set the system clock to any
arbitrary value.
This vulnerability allows local attackers to set the system clock to
any arbitrary value, including values in the past, circumventing
the securelevel restriction. Various further attacks against
time-sensitive systems are then possible.
2. Bogofilter Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 16171
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16171
Summary:
Multiple remote buffer overflow vulnerabilities affect Bogofilter.
These issues are due to a failure of the application to properly handle
invalid input sequences and validate the length of user-supplied strings
prior to copying them into static process buffers.
An attacker may exploit these issues to cause a denial of service
condition. It may also be possible to execute arbitrary code with the
privileges of the vulnerable application. This may facilitate unauthorized
access or privilege escalation.
It should be noted that successful exploitation requires that
Bogofilter is used with a Unicode database.
3. Dave Carrigan Auth_LDAP Remote Format String Vulnerability
BugTraq ID: 16177
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16177
Summary:
Dave Carrigan's auth_ldap is susceptible to a remote format string
vulnerability. This issue is due to a failure of the application to
properly sanitize user-supplied input prior to utilizing it in the
format-specifier of a formatted printing function.
This issue likely only arises if auth_ldap has been enabled and is
used for user authentication.
This issue allows remote attackers to execute arbitrary machine code in
the context of Apache Web servers that utilize the affected module.
This may facilitate the compromise of affected computers.
4. Sudo Python Environment Variable Handling Security Bypass
Vulnerability
BugTraq ID: 16184
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16184
Summary:
Sudo is prone to a security bypass vulnerability that could lead to
arbitrary code execution. This issue is due to an error in the application
when handling environment variables.
A local attacker with the ability to run Python scripts can exploit
this vulnerability to gain access to an interactive Python prompt.
Attackers may then execute arbitrary code with elevated privileges,
facilitating the complete compromise of affected computers.
An attacker must have the ability to run Python scripts through Sudo to
exploit this vulnerability.
This issue is similar to BID 15394 (Sudo Perl Environment Variable
Handling Security Bypass Vulnerability).
5. Stefan Frings SMS Server Tools Local Format String Vulnerability
BugTraq ID: 16188
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16188
Summary:
A local format string vulnerability affects Stefan Frings SMS Server
Tools.
The problem presents itself when the affected application attempts to
log messages using a formatted print function. User-supplied input is
improperly sanitized prior to its inclusion in the format specifier
argument of a formatted print function.
An attacker may leverage this issue to execute arbitrary code with
superuser privileges, ultimately facilitating privilege escalation.
Version 1.14.8 of SMS Server Tools is vulnerable to this issue; other
versions may also be affected.
6. Petris Local Buffer Overflow Vulnerability
BugTraq ID: 16190
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16190
Summary:
Petris is vulnerable to a locally exploitable buffer overflow
vulnerability. It has been reported that a local attacker may exploit this
condition to execute attacker-supplied code with group games privileges.
Due to a lack of information, further details cannot be provided at the
moment. This BID will be updated when more information becomes
available.
7. Clam Anti-Virus ClamAV UPX Compressed File Heap Buffer Overflow
Vulnerability
BugTraq ID: 16191
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16191
Summary:
ClamAV is prone to a heap buffer overflow vulnerability. This issue is
due to a failure of the application to properly bounds check
user-supplied data prior to copying it to an insufficiently sized memory buffer.
This issue occurs when the application attempts to handle compressed
UPX files.
Exploitation of this issue could allow attacker-supplied machine code
to be executed in the context of the affected application. The issue
would occur when the malformed file is scanned manually or automatically
in deployments such as email gateways.
8. PostgreSQL Postmaster Denial Of Service Vulnerability
BugTraq ID: 16201
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16201
Summary:
PostgreSQL is prone to a denial of service vulnerability. This issue is
due to a failure in the application to properly handle exceptional
conditions.
A remote attacker can exploit this issue to crash the postmaster
service, thus denying future connections until the service is manually
restarted.
This issue only affects PostgreSQL for Microsoft Windows.
9. XMame Multiple Local Command Line Argument Buffer Overflow
Vulnerabilities
BugTraq ID: 16203
Remote: No
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16203
Summary:
XMame is prone to locally exploitable buffer overflow vulnerabilities.
These issues are due to insufficient bounds checking of command line
parameters.
Successful exploitation on some systems could result in execution of
malicious instructions with elevated privileges, as XMame may be
installed with setuid-superuser privileges.
XMame version 0.102 is vulnerable to these issues; other versions may
also be affected.
This issue may be related to BID 7773 (XMame Lang Local Buffer Overflow
Vulnerability).
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Sendmail/Blacklists rejecting authenticated users
http://www.securityfocus.com/archive/91/421577
2. Hide internal address (Postfix)
http://www.securityfocus.com/archive/91/421374
3. IPS project - wanted translators
http://www.securityfocus.com/archive/91/421243
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics