Date: Tue, 14 Feb 2006 16:53:30 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #273
SecurityFocus Linux Newsletter #273
----------------------------------------
This Issue is Sponsored By: SpiDynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack
Step-by-Step"! - White Paper
Blind SQL Injection can deliver total control of your
server to a hacker giving them the ability to read, write and
manipulate all data stored in your backend systems! Download this *FREE* white
paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000C3f7
------------------------------------------------------------------
I. FRONT AND CENTER
1. Coffee shop WiFi for dummies
2. Sebek 3: tracking the attackers, part two
3. Privacy and anonymity
II. LINUX VULNERABILITY SUMMARY
1. Linux Kernel ICMP_Send Remote Denial Of Service
Vulnerability
2. ProFTPD Mod_Radius Buffer Overflow Vulnerability
3. OProfile OPControl Path Specification Local Privilege
Escalation Vulnerability
4. Sun Java Web Start Untrusted Application Unauthorized Access
Vulnerability
5. Sun ONE Directory Server Remote Denial Of Service
Vulnerability
6. Adzapper Squid_Redirect URI Handling Remote Denial of
Service Vulnerability
7. GNUTLS LibTASN1 DER Decoding Denial of Service
Vulnerabilities
8. Linux Kernel NFS ACL Access Control Bypass Vulnerability
9. ELOG Web Logbook Multiple Remote Vulnerabilities
10. SUSE LD Insecure RPATH / RUNPATH Arbitrary Code Execution
Vulnerability
11. IBM Tivoli Directory Server Unspecified LDAP Memory
Corruption Vulnerability
12. Honeyd IP Reassembly Remote Virtual Host Detection
Vulnerability
13. Noweb Insecure Temporary File Creation Vulnerability
14. Valve Software Half-Life CSTRIKE Server Remote Denial of
Service Vulnerability
15. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow
Vulnerability
16. Isode M-Vault Server LDAP Memory Corruption Vulnerability
17. PostgreSQL Remote SET ROLE Privilege Escalation
Vulnerability
18. PostgreSQL Set Session Authorization Denial of Service
Vulnerability
III. LINUX FOCUS LIST SUMMARY
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Coffee shop WiFi for dummies
By Scott Granneman
The average user has no idea of the risks associated with public WiFi
hotspots. Here are some very simple tips for them to keep their network
access secure.
http://www.securityfocus.com/columnists/385
2. Sebek 3: tracking the attackers, part two
By Raul Siles, GSE
The second article in this honeypot series discusses best practices for
deploying Sebek 3 inside a GenIII honeypot, and shows how to patch Sebek
to watch all the attacker's activities in real-time.
http://www.securityfocus.com/infocus/1858
3. Privacy and anonymity
By Kelly Martin
Privacy and anonymity on the Internet are as important as they are
difficult to achieve. Here are some of the current issues we face,
along with a few suggestions on how we can become a little more anonymous
on the Web.
http://www.securityfocus.com/columnists/386
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
BugTraq ID: 16532
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16532
Summary:
Linux kernel is prone to a remote denial-of-service vulnerability.
Remote attackers can exploit this vulnerability to crash affected
kernels, effectively denying service to legitimate users.
Linux kernel versions 2.6.15.2 and prior in the 2.6 series are
vulnerable to this issue.
2. ProFTPD Mod_Radius Buffer Overflow Vulnerability
BugTraq ID: 16535
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16535
Summary:
ProFTPD's mod_radius is prone to a buffer-overflow vulnerability. This
issue is due to a failure in the application to properly bounds-check
user-supplied data before copying it to an insufficiently sized buffer.
Remote code execution may be possible, but it depends on an attacker's
ability to brute-force the resulting output of an MD5 hash to place
useful information into critical memory regions that are adjacent to the
overrun stack buffer.
3. OProfile OPControl Path Specification Local Privilege Escalation
Vulnerability
BugTraq ID: 16536
Remote: No
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16536
Summary:
OProfile is prone to a privilege-escalation vulnerability. The
application attempts to execute commands without properly specifying the
executable's location.
This issue allows local attackers to execute arbitrary commands. If the
vulnerable script is executable via privilege-escalation utilities such
as 'sudo', attackers may exploit this issue to execute arbitrary code
with superuser privileges.
4. Sun Java Web Start Untrusted Application Unauthorized Access
Vulnerability
BugTraq ID: 16540
Remote: Yes
Date Published: 2006-02-07
Relevant URL: http://www.securityfocus.com/bid/16540
Summary:
Sun Java Web Start is prone to a vulnerability that may allow remote
attackers to gain unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows untrusted
applications to gain read/write privileges to local files on a vulnerable
computer.
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 Update 5
and earlier 5.0 releases for Windows, Solaris, and Linux is
vulnerable.
5. Sun ONE Directory Server Remote Denial Of Service Vulnerability
BugTraq ID: 16550
Remote: Yes
Date Published: 2006-02-08
Relevant URL: http://www.securityfocus.com/bid/16550
Summary:
Sun ONE Directory Server is prone to a remote denial-of-service
vulnerability. This issue is due to the application's failure to handle
malformed network traffic.
This issue allows remote attackers to crash the application, denying
service to legitimate users.
6. Adzapper Squid_Redirect URI Handling Remote Denial of Service
Vulnerability
BugTraq ID: 16558
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16558
Summary:
Adzapper is prone to a remote denial-of-service vulnerability when
installed as a plugin in squid.
The vulnerability presents itself when a specially crafted URI is
handled.
Adzapper versions prior to 2006-01-29 are vulnerable.
7. GNUTLS LibTASN1 DER Decoding Denial of Service Vulnerabilities
BugTraq ID: 16568
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16568
Summary:
Libtasn1 is prone to multiple denial-of-service vulnerabilities. A
remote attacker can send specially crafted data to trigger these flaws,
leading to a denial-of-service condition.
These issues have been addressed in Libtasn1 version 0.2.18; earlier
versions are vulnerable.
8. Linux Kernel NFS ACL Access Control Bypass Vulnerability
BugTraq ID: 16570
Remote: Yes
Date Published: 2006-02-09
Relevant URL: http://www.securityfocus.com/bid/16570
Summary:
The Linux kernel's NFS implementation is susceptible to a remote
access-control-bypass vulnerability. This issue is due to a failure to
validate the privileges of remote users before setting ACLs.
This issue allows remote attackers to improperly alter ACLs on NFS
filesystems, allowing them to bypass access controls. Disclosure of
sensitive information, modification of arbitrary files, and other attacks are
possible.
Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are
vulnerable to this issue.
9. ELOG Web Logbook Multiple Remote Vulnerabilities
BugTraq ID: 16579
Remote: Yes
Date Published: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16579
Summary:
ELOG Web Logbook is prone to multiple remote vulnerabilities.
These issues include boundary-condition errors, denial-of-service
attacks, and information disclosure.
An attacker can exploit these issues to facilitate a compromise of the
application and the underlying computer. This includes crashing the
application, executing arbitrary code, and retrieving information that may
aid in further attacks.
10. SUSE LD Insecure RPATH / RUNPATH Arbitrary Code Execution
Vulnerability
BugTraq ID: 16581
Remote: No
Date Published: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16581
Summary:
SUSE LD is susceptible to an insecure RPATH / RUNPATH vulnerability.
This issue can allow attackers to place malicious libraries in a
directory and to trick users into executing an application from that
directory; the libraries would then be dynamically linked at run time
when the application is executed. This would result in the execution of
arbitrary code with the privileges of the user who executes the
application.
Note that this issue is specific to SUSE.
11. IBM Tivoli Directory Server Unspecified LDAP Memory Corruption
Vulnerability
BugTraq ID: 16593
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16593
Summary:
IBM Tivoli Directory Server is prone to an unspecified memory-corruption
vulnerability. This issue may be triggered by malformed LDAP data.
The exact impact of this vulnerability is not known at this time.
Although the issue is known to crash the server, the possibility of remote
code execution is unconfirmed.
The vulnerability was reported for version 6.0 on the Linux platform.
Other versions or platforms are not known to be affected.
This vulnerability will be updated as further information is made
available.
12. Honeyd IP Reassembly Remote Virtual Host Detection Vulnerability
BugTraq ID: 16595
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16595
Summary:
Honeyd is prone to a virtual host-detection vulnerability.
The vulnerability presents itself in the IP reassembly code.
A successful attack may allow remote attackers to enumerate the
existence of simulated Honeyd hosts and then either target specific attacks
against these hosts or avoid them altogether.
This issue affects all versions of Honeyd prior to 1.5.
13. Noweb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16610
Remote: No
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16610
Summary:
Noweb creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other attacks
may be possible as well.
14. Valve Software Half-Life CSTRIKE Server Remote Denial of Service
Vulnerability
BugTraq ID: 16619
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16619
Summary:
Valve Software Half-Life CSTRIKE Dedicated Server is reportedly prone
to a remote denial-of-service vulnerability.
Half-Life CSTRIKE 1.6 Dedicated Server for Windows and Linux is prone
to this vulnerability. Earlier versions may also be affected.
15. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow
Vulnerability
BugTraq ID: 16626
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16626
Summary:
LibPNG is reported susceptible to a buffer-overflow vulnerability. The
library fails to perform proper bounds-checking of user-supplied input
before copying it to an insufficiently sized memory buffer.
This vulnerability may be exploited to execute attacker-supplied code
in the context of an application that relies on the affected library.
16. Isode M-Vault Server LDAP Memory Corruption Vulnerability
BugTraq ID: 16635
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16635
Summary:
Isode M-Vault Server is prone to a memory-corruption vulnerability. This
issue may be triggered by malformed LDAP data.
The exact impact of this vulnerability is not known at this time.
Although the issue is known to crash the server, the possibility of remote
code execution is unconfirmed.
The vulnerability was reported for version 11.3 on the Linux platform;
other versions and platforms may also be affected.
This vulnerability will be updated as further information is made
available.
17. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege escalation
vulnerability. This issue is due to a flaw in the error path of the 'SET ROLE'
function.
This issue allows remote attackers with database access to gain
administrative access to affected database servers. As administrative access
to the database allows filesystem access, other attacks against the
underlying operating system may also be possible.
18. PostgreSQL Set Session Authorization Denial of Service
Vulnerability
BugTraq ID: 16650
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to crash the application,
effectively denying service to legitimate users.
Successful exploitation of this issue requires that the application is
compiled with 'Asserts' enabled; this is not the default setting.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
V. SPONSOR INFORMATION
------------------------