Date: Tue, 24 Jan 2006 17:01:56 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #269
SecurityFocus Linux Newsletter #269
----------------------------------------

This Issue is Sponsored By: Klocwork

IMPROVE SOFTWARE QUALITY AND REDUCE COSTS
New White Paper from Klocwork: Improve software quality and reduce 
life-cycle costs by incorporating Static Analysis tools into your routine 
development processes. Results: More maintainable code, more secure, 
reliable software and a more predictable development process. Download 
White Paper.

http://a.gklmedia.com/sfln/nl/109

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. How not to respond to a security advisory
       2. Tech support woes
II.  LINUX VULNERABILITY SUMMARY
       1. GNU Mailman Large Date Data Denial Of Service Vulnerability
       2. GRSecurity Elevated Service Privileges Weakness
       3. Mozilla Thunderbird File Attachment Spoofing Vulnerability
       4. Antiword Insecure Temporary File Creation Vulnerabilities
       5. Linux Kernel mq_open System Call Unspecified Denial of Service Vulnerability
       6. Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
       7. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
       8. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
       9. F-Secure Multiple Archive Handling Vulnerabilities
       10. ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
       11. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
III. LINUX FOCUS LIST SUMMARY
       1. Sendmail/Blacklists rejecting authenticated users
       2. Hide internal address (Postfix)
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. How not to respond to a security advisory
By Jason Miller
A recently announced weakness in the BSD securelevel system isn't going 
to be fixed in OpenBSD. While securelevel may have problems, the 
vendor's security response is unacceptable and doesn't fit with their stated 
goals.
http://www.securityfocus.com/columnists/380

2. Tech support woes
By Scott Granneman
Technical support that's outsourced to foreign countries can cause 
frustration and have a negative impact on security when the problems remain 
unsolved.
http://www.securityfocus.com/columnists/381


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. GNU Mailman Large Date Data Denial Of Service Vulnerability
BugTraq ID: 16248
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16248
Summary:
GNU Mailman is prone to a denial of service attack.  This issue affects 
the email date parsing functionality of Mailman.

The vulnerability could be triggered by mailing list posts and will 
impact the availability of mailing lists hosted by the application.

2. GRSecurity Elevated Service Privileges Weakness
BugTraq ID: 16261
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16261
Summary:
The grsecurity patch may improperly allow services to run with elevated 
privileges. This issue is due to a failure of the kernel to properly 
drop administrative roles.

This issue may lead to a false sense of security by allowing network 
services that are intended to have limited privileges to have 
administrative privileges. The exact repercussions of this issue depend on the 
particular function of the services running with elevated privileges. 
Privileges granted to services depend on the configured administrative 
role.

Attackers may exploit latent vulnerabilities in network services, and 
compromise the underlying computer. This is due to the targeted service 
having elevated privileges that are not intended.

3. Mozilla Thunderbird File Attachment Spoofing Vulnerability
BugTraq ID: 16271
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16271
Summary:
Mozilla Thunderbird is prone to a file attachment spoofing 
vulnerability.  

Successful exploitation may allow attackers to place malicious files on 
a user's computer by tricking users into saving seemingly safe 
attachments.  If the user subsequently opens the file, this vulnerability may 
facilitate arbitrary code execution in the context of the user.

Thunderbird versions prior to 1.5 are affected.

4. Antiword Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 16278
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16278
Summary:
Antiword creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of 
service if critical files are overwritten in the attack. Other attacks 
may be possible as well. 


5. Linux Kernel mq_open System Call Unspecified Denial of Service Vulnerability
BugTraq ID: 16283
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16283
Summary:
Linux kernel mq_open system call is prone to a local denial of service 
vulnerability.  Further information is not currently available.  This 
record will be updated when more details are disclosed.

This issue affects Linux kernel 2.6.9.  Earlier kernel versions may be 
affected.


6. Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
BugTraq ID: 16284
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16284
Summary:
The Linux kernel is affected by a local memory disclosure 
vulnerability.

This issue allows an attacker to read kernel memory. Information 
gathered via exploitation may aid malicious users in further attacks.

This issue affects the 2.6 series of the Linux kernel, prior to 
2.6.15.

7. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
BugTraq ID: 16301
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16301
Summary:
The Linux kernel dm-crypt module is susceptible to a local information 
disclosure vulnerability. This issue is due to a failure of the module 
to properly zero sensitive memory buffers prior to freeing the memory.

This issue may allow local attackers to gain access to potentially 
sensitive memory that contains information on the cryptographic key 
utilized for the encrypted storage. This may aid them in further attacks.

This issue affects the 2.6 series of the Linux kernel.

8. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
BugTraq ID: 16304
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16304
Summary:
The Linux kernel is susceptible to a local access validation 
vulnerability in the SDLA driver.

This issue allows local users with the 'CAP_NET_ADMIN' capability, but 
without the 'CAP_SYS_RAWIO' capability, to read and write to the SDLA 
device firmware. This may cause a denial of service issue if attackers 
write an invalid firmware. Other attacks may also be possible by writing 
modified firmware files.

9. F-Secure Multiple Archive Handling Vulnerabilities
BugTraq ID: 16309
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16309
Summary:
F-Secure is prone to multiple vulnerabilities when handling archives of 
various formats.

The application is affected by a remote buffer overflow vulnerability 
when handling malformed ZIP archives.  A successful attack can 
facilitate arbitrary code execution and result in a full compromise.

Specially crafted ZIP and RAR archives can also bypass detection.  This 
may result in arbitrary code execution or a malicious code infection.

10. ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 16315
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16315
Summary:
ELOG is prone to multiple remote vulnerabilities.  These issues can 
allow remote attackers to execute arbitrary code and gain access to 
sensitive information.

The following vulnerabilities were identified:

A format string vulnerability exists in the 'write_logfile()' function.

ELOG is prone to a directory traversal vulnerability as well.

ELOG versions prior to 2.6.1 are vulnerable.

11. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
BugTraq ID: 16317
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16317
Summary:
Ecartis is prone to an arbitrary attachment upload vulnerability.

This vulnerability presents itself when the PantoMIME functionality has 
been enabled.

The issue arises because unauthorized users who are not subscribed to a 
mailing list can send email attachments that will be saved in the 
PantoMIME directory.  This can allow attackers to place arbitrary files on a 
vulnerable server.

Ecartis version 1.0.0 snapshot 20050909 is reportedly vulnerable.  
Other versions may be affected as well.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Sendmail/Blacklists rejecting authenticated users
http://www.securityfocus.com/archive/91/421577

2. Hide internal address (Postfix)
http://www.securityfocus.com/archive/91/421374
