Date: Tue, 24 Jan 2006 17:01:56 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #269
SecurityFocus Linux Newsletter #269
----------------------------------------
This Issue is Sponsored By: Klocwork
IMPROVE SOFTWARE QUALITY AND REDUCE COSTS
New White Paper from Klocwork: Improve software quality and reduce
life-cycle costs by incorporating Static Analysis tools into your routine
development processes. Results: More maintainable code, more secure,
reliable software and a more predictable development process. Download
White Paper.
http://a.gklmedia.com/sfln/nl/109
------------------------------------------------------------------
I. FRONT AND CENTER
1. How not to respond to a security advisory
2. Tech support woes
II. LINUX VULNERABILITY SUMMARY
1. GNU Mailman Large Date Data Denial Of Service Vulnerability
2. GRSecurity Elevated Service Privileges Weakness
3. Mozilla Thunderbird File Attachment Spoofing Vulnerability
4. Antiword Insecure Temporary File Creation Vulnerabilities
5. Linux Kernel mq_open System Call Unspecified Denial of
Service Vulnerability
6. Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
7. Linux Kernel DM-Crypt Local Information Disclosure
Vulnerability
8. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access
Vulnerability
9. F-Secure Multiple Archive Handling Vulnerabilities
10. ELOG Web Logbook Multiple Remote Input Validation
Vulnerabilities
11. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Sendmail/Blacklists rejecting authenticated users
2. Hide internal address (Postfix)
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. How not to respond to a security advisory
By Jason Miller
A recently announced weakness in the BSD securelevel system isn't going
to be fixed in OpenBSD. While securelevel may have problems, the
vendor's security response is unacceptable and doesn't fit with their stated
goals.
http://www.securityfocus.com/columnists/380
2. Tech support woes
By Scott Granneman
Technical support that's outsourced to foreign countries can cause
frustration and have a negative impact on security when the problems remain
unsolved.
http://www.securityfocus.com/columnists/381
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. GNU Mailman Large Date Data Denial Of Service Vulnerability
BugTraq ID: 16248
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16248
Summary:
GNU Mailman is prone to a denial of service attack. This issue affects
the email date parsing functionality of Mailman.
The vulnerability could be triggered by mailing list posts and will
impact the availability of mailing lists hosted by the application.
2. GRSecurity Elevated Service Privileges Weakness
BugTraq ID: 16261
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16261
Summary:
The grsecurity patch may improperly allow services to run with elevated
privileges. This issue is due to a failure of the kernel to properly
drop administrative roles.
This issue may lead to a false sense of security by allowing network
services that are intended to have limited privileges to have
administrative privileges. The exact repercussions of this issue depend on the
particular function of the services running with elevated privileges.
Privileges granted to services depend on the configured administrative
role.
Attackers may exploit latent vulnerabilities in network services, and
compromise the underlying computer. This is due to the targeted service
having elevated privileges that are not intended.
3. Mozilla Thunderbird File Attachment Spoofing Vulnerability
BugTraq ID: 16271
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16271
Summary:
Mozilla Thunderbird is prone to a file attachment spoofing
vulnerability.
Successful exploitation may allow attackers to place malicious files on
a user's computer by tricking users into saving seemingly safe
attachments. If the user subsequently opens the file, this vulnerability may
facilitate arbitrary code execution in the context of the user.
Thunderbird versions prior to 1.5 are affected.
4. Antiword Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 16278
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16278
Summary:
Antiword creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other attacks
may be possible as well.
5. Linux Kernel mq_open System Call Unspecified Denial of Service
Vulnerability
BugTraq ID: 16283
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16283
Summary:
The Linux kernel mq_open system call is prone to a local denial of service
vulnerability. Further information is not currently available. This
record will be updated when more details are disclosed.
This issue affects Linux kernel 2.6.9. Earlier kernel versions may be
affected.
6. Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
BugTraq ID: 16284
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16284
Summary:
The Linux kernel is affected by a local memory disclosure
vulnerability.
This issue allows an attacker to read kernel memory. Information
gathered via exploitation may aid malicious users in further attacks.
This issue affects the 2.6 series of the Linux kernel, prior to
2.6.15.
7. Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
BugTraq ID: 16301
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16301
Summary:
The Linux kernel dm-crypt module is susceptible to a local information
disclosure vulnerability. This issue is due to a failure of the module
to properly zero sensitive memory buffers prior to freeing the memory.
This issue may allow local attackers to gain access to potentially
sensitive memory that contains information on the cryptographic key
utilized for the encrypted storage. This may aid them in further attacks.
This issue affects the 2.6 series of the Linux kernel.
8. Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access
Vulnerability
BugTraq ID: 16304
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16304
Summary:
The Linux kernel is susceptible to a local access validation
vulnerability in the SDLA driver.
This issue allows local users with the 'CAP_NET_ADMIN' capability, but
without the 'CAP_SYS_RAWIO' capability to read and write to the SDLA
device firmware. This may cause a denial of service issue if attackers
write an invalid firmware. Other attacks may also be possible by writing
modified firmware files.
9. F-Secure Multiple Archive Handling Vulnerabilities
BugTraq ID: 16309
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16309
Summary:
F-Secure is prone to multiple vulnerabilities when handling archives of
various formats.
The application is affected by a remote buffer overflow vulnerability
when handling malformed ZIP archives. A successful attack can
facilitate arbitrary code execution and result in a full compromise.
Specially crafted ZIP and RAR archives can also bypass detection. This
may result in arbitrary code execution or a malicious code infection.
10. ELOG Web Logbook Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 16315
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16315
Summary:
ELOG is prone to multiple remote vulnerabilities. These issues can
allow remote attackers to execute arbitrary code and gain access to
sensitive information.
The following vulnerabilities were identified:
A format string vulnerability exists in the 'write_logfile()' function.
ELOG is prone to a directory traversal vulnerability as well.
ELOG versions prior to 2.6.1 are vulnerable.
11. Ecartis PantoMIME Arbitrary Attachment Upload Vulnerability
BugTraq ID: 16317
Remote: Yes
Date Published: 2006-01-19
Relevant URL: http://www.securityfocus.com/bid/16317
Summary:
Ecartis is prone to an arbitrary attachment upload vulnerability.
This vulnerability presents itself when the PantoMIME functionality has
been enabled.
The issue arises because unauthorized users who are not subscribed to a
mailing list can send email attachments that will be saved in the
PantoMIME directory. This can allow attackers to place arbitrary files on a
vulnerable server.
Ecartis version 1.0.0 snapshot 20050909 is reportedly vulnerable.
Other versions may be affected as well.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Sendmail/Blacklists rejecting authenticated users
http://www.securityfocus.com/archive/91/421577
2. Hide internal address (Postfix)
http://www.securityfocus.com/archive/91/421374