Date: Tue, 21 Feb 2006 16:12:50 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #274
SecurityFocus Linux Newsletter #274
----------------------------------------
This Issue is Sponsored By: Cambia
Automate IT Security Compliance Now
Free white paper demonstrates how you can eliminate manual,
time-consuming project-based compliance using continuous security compliance
software. Save time leveraging this FREE white paper.
http://a.gklmedia.com/sfln/nl/125
------------------------------------------------------------------
I. FRONT AND CENTER
1. Strict liability for data breaches?
2. Privacy and anonymity
II. LINUX VULNERABILITY SUMMARY
1. IBM Tivoli Directory Server Unspecified LDAP Memory
Corruption Vulnerability
2. Honeyd IP Reassembly Remote Virtual Host Detection
Vulnerability
3. Noweb Insecure Temporary File Creation Vulnerability
4. Metamail Message Processing Remote Buffer Overflow
Vulnerability
5. Valve Software Half-Life CSTRIKE Server Remote Denial of
Service Vulnerability
6. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow
Vulnerability
7. Isode M-Vault Server LDAP Memory Corruption Vulnerability
8. PostgreSQL Remote SET ROLE Privilege Escalation
Vulnerability
9. PostgreSQL Set Session Authorization Denial of Service
Vulnerability
10. GnuPG Detached Signature Verification Bypass Vulnerability
11. Dovecot Double Free Denial of Service Vulnerability
12. Heimdal TelnetD Denial Of Service Vulnerability
13. BomberClone Error Messages Buffer Overflow Vulnerability
14. Snort Frag3 Processor Fragmented Packet Detection Evasion
Vulnerability
15. Mozilla Thunderbird Address Book Import Remote Denial of
Service Vulnerability
16. Bugzilla Whinedays SQL Injection Vulnerability
17. Bugzilla User Credentials Information Disclosure
Vulnerability
18. XPDF Multiple Unspecified Vulnerabilities
19. SquirrelMail Multiple Cross-Site Scripting and IMAP
Injection Vulnerabilities
20. Linux Kernel SDLA_XFER Kernel Memory Disclosure
Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Kryptor Whitepaper released
I. FRONT AND CENTER
---------------------
1. Strict liability for data breaches?
By Mark Rasch
A recent case involving a stolen laptop containing 550,000 people's
full credit information sheds new light on what "reasonable" protections a
company must make to secure its customer data - and what customers need
to prove in order to sue for damages.
http://www.securityfocus.com/columnists/387
2. Privacy and anonymity
By Kelly Martin
Privacy and anonymity on the Internet are as important as they are
difficult to achieve. Here are some of the current issues we face,
along with a few suggestions on how we can become a little more anonymous
on the Web.
http://www.securityfocus.com/columnists/386
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. IBM Tivoli Directory Server Unspecified LDAP Memory Corruption
Vulnerability
BugTraq ID: 16593
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16593
Summary:
IBM Tivoli Directory Server is prone to an unspecified memory-corruption
vulnerability. This issue may be triggered by malformed LDAP data.
The exact impact of this vulnerability is not known at this time.
Although the issue is known to crash the server, the possibility of remote
code execution is unconfirmed.
The vulnerability was reported for version 6.0 on the Linux platform.
Other versions or platforms are not known to be affected.
This vulnerability will be updated as further information is made
available.
2. Honeyd IP Reassembly Remote Virtual Host Detection Vulnerability
BugTraq ID: 16595
Remote: Yes
Date Published: 2006-02-11
Relevant URL: http://www.securityfocus.com/bid/16595
Summary:
Honeyd is prone to a virtual host-detection vulnerability.
The vulnerability presents itself in the IP reassembly code.
A successful attack may allow remote attackers to enumerate the
existence of simulated Honeyd hosts and then either target specific attacks
against these hosts or avoid them altogether.
This issue affects all versions of Honeyd prior to 1.5.
3. Noweb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16610
Remote: No
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16610
Summary:
Noweb creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other attacks
may be possible as well.
4. Metamail Message Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 16611
Remote: Yes
Date Published: 2006-02-12
Relevant URL: http://www.securityfocus.com/bid/16611
Summary:
Metamail is prone to a remote buffer overflow vulnerability.
This issue arises when the application handles messages with large
string values for boundaries.
This can cause memory corruption and trigger a crash in the
application. Although unconfirmed, this issue may lead to arbitrary code
execution.
Metamail 2.7 is reportedly vulnerable; however, other versions may be
affected as well.
5. Valve Software Half-Life CSTRIKE Server Remote Denial of Service
Vulnerability
BugTraq ID: 16619
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16619
Summary:
Valve Software Half-Life CSTRIKE Dedicated Server is reportedly prone
to a remote denial-of-service vulnerability.
Half-Life CSTRIKE 1.6 Dedicated Server for Windows and Linux is prone
to this vulnerability. Earlier versions may also be affected.
6. LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow
Vulnerability
BugTraq ID: 16626
Remote: Yes
Date Published: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16626
Summary:
LibPNG is reported susceptible to a buffer-overflow vulnerability. The
library fails to perform proper bounds-checking of user-supplied input
before copying it to an insufficiently sized memory buffer.
This vulnerability may be exploited to execute attacker-supplied code
in the context of an application that relies on the affected library.
7. Isode M-Vault Server LDAP Memory Corruption Vulnerability
BugTraq ID: 16635
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16635
Summary:
Isode M-Vault Server is prone to a memory-corruption vulnerability. This
issue may be triggered by malformed LDAP data.
The exact impact of this vulnerability is not known at this time.
Although the issue is known to crash the server, the possibility of remote
code execution is unconfirmed.
The vulnerability was reported for version 11.3 on the Linux platform;
other versions and platforms may also be affected.
This vulnerability will be updated as further information is made
available.
8. PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege-escalation
vulnerability. This issue is due to a flaw in the error path of the 'SET ROLE'
function.
This issue allows remote attackers with database access to gain
administrative access to affected database servers. Since such access also
allows filesystem access, other attacks against the underlying operating
system may also be possible.
9. PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Date Published: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a loss of service to other
database users. Repeated attacks will result in a prolonged
denial-of-service condition.
Successful exploitation of this issue requires that the application be
compiled with 'Asserts' enabled; this is not the default setting.
10. GnuPG Detached Signature Verification Bypass Vulnerability
BugTraq ID: 16663
Remote: Yes
Date Published: 2006-02-15
Relevant URL: http://www.securityfocus.com/bid/16663
Summary:
GnuPG is affected by a detached signature verification-bypass
vulnerability. This issue is due to the application's failure to properly notify
scripts that an invalid detached signature was presented and that the
verification process has failed.
This issue allows attackers to bypass the signature-verification
process used in some automated scripts. Depending on the use of GnuPG, this
may result in a false sense of security, the installation of malicious
packages, the execution of attacker-supplied code, or other attacks.
11. Dovecot Double Free Denial of Service Vulnerability
BugTraq ID: 16672
Remote: Yes
Date Published: 2006-02-15
Relevant URL: http://www.securityfocus.com/bid/16672
Summary:
Dovecot is prone to a double-free vulnerability that may allow
attackers to trigger a denial-of-service condition.
Dovecot versions prior to 1.0 beta3 are vulnerable.
12. Heimdal TelnetD Denial Of Service Vulnerability
BugTraq ID: 16676
Remote: Yes
Date Published: 2006-02-15
Relevant URL: http://www.securityfocus.com/bid/16676
Summary:
Heimdal 'telnetd' is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause telnetd to crash,
subsequently triggering 'inetd' to temporarily limit further telnetd requests,
effectively denying service to legitimate users.
13. BomberClone Error Messages Buffer Overflow Vulnerability
BugTraq ID: 16697
Remote: Yes
Date Published: 2006-02-16
Relevant URL: http://www.securityfocus.com/bid/16697
Summary:
BomberClone is prone to a buffer-overflow vulnerability. This issue is
due to a failure in the application to perform proper boundary checks
on user-supplied data before storing it in a finite-sized buffer.
This issue may be exploited to execute arbitrary code in the context of
the user who is running the application.
Version 0.11.6.2 is vulnerable; other versions may also be affected.
14. Snort Frag3 Processor Fragmented Packet Detection Evasion
Vulnerability
BugTraq ID: 16705
Remote: Yes
Date Published: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16705
Summary:
Snort is reportedly prone to a vulnerability that may allow malicious
packets to bypass detection.
Reports indicate that the Frag3 preprocessor fails to properly analyze
certain packets.
A successful attack can allow attackers to bypass intrusion detection
and to carry out attacks against computers protected by Snort.
This vulnerability affects Snort 2.4.3. Other versions may be
vulnerable as well.
15. Mozilla Thunderbird Address Book Import Remote Denial of Service
Vulnerability
BugTraq ID: 16716
Remote: Yes
Date Published: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16716
Summary:
Mozilla Thunderbird is prone to a remote denial-of-service
vulnerability.
The issue presents itself when the application handles a specially
crafted address book file.
Mozilla Thunderbird 1.5 is reportedly affected by this issue. Other
versions may be vulnerable as well.
16. Bugzilla Whinedays SQL Injection Vulnerability
BugTraq ID: 16738
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16738
Summary:
Bugzilla is prone to an SQL-injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
Exploitation of this issue requires the attacker to have administrative
access to the affected application.
17. Bugzilla User Credentials Information Disclosure Vulnerability
BugTraq ID: 16745
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16745
Summary:
Bugzilla is prone to an information disclosure vulnerability. This
issue is due to a design error in the application.
An attacker can exploit this issue by tricking a victim user into
following a malicious URI and then retrieving the victim user's login
credentials.
Successful exploitation of this issue requires that the name of the path
where the login page resides resolves to a computer on the local network
of the victim user.
18. XPDF Multiple Unspecified Vulnerabilities
BugTraq ID: 16748
Remote: Yes
Date Published: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16748
Summary:
xpdf is reportedly prone to multiple unspecified security
vulnerabilities. The cause and impact of these issues are currently unknown.
All versions of xpdf are considered to be vulnerable at the moment.
This BID will be updated when more information becomes available.
19. SquirrelMail Multiple Cross-Site Scripting and IMAP Injection
Vulnerabilities
BugTraq ID: 16756
Remote: Yes
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16756
Summary:
SquirrelMail is susceptible to multiple cross-site scripting and IMAP
injection vulnerabilities. These issues are due to a failure of the
application to properly sanitize user-supplied input.
An attacker may leverage any of the cross-site scripting issues to have
arbitrary script code executed in the browser of an unsuspecting user
in the context of the affected site. This may facilitate the theft of
cookie-based authentication credentials as well as other attacks.
An attacker may leverage the IMAP injection issue to execute arbitrary
IMAP commands on the configured IMAP server. This may aid the attacker
in further attacks as well as allow them to exploit latent
vulnerabilities in the IMAP server.
20. Linux Kernel SDLA_XFER Kernel Memory Disclosure Vulnerability
BugTraq ID: 16759
Remote: No
Date Published: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16759
Summary:
The Linux kernel is affected by a local memory-disclosure
vulnerability.
This issue allows an attacker to read kernel memory. Information
gathered via exploitation may aid malicious users in further attacks.
This issue affects kernel versions 2.4.x up to 2.4.29-rc1, and 2.6.x up
to 2.6.5.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Kryptor Whitepaper released
http://www.securityfocus.com/archive/91/425067