Date: Tue, 07 Mar 2006 15:43:42 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #276
SecurityFocus Linux Newsletter #276
----------------------------------------
This Issue is Sponsored By: Cambia
Automate IT security compliance now!
FREE White Paper demonstrates how you can reduce time spent on IT
policy compliance by as much as 90%, while improving your security posture.
Cambia's agentless software continuously discovers all changes to
network assets, intelligently determines which changes pose a risk to
security and compliance and works with administrators to fix breaches
quickly.
http://a.gklmedia.com/sfln/nl/125
------------------------------------------------------------------
I. FRONT AND CENTER
1. The big DRM mistake
2. The value of vulnerabilities
II. LINUX VULNERABILITY SUMMARY
1. PHPWebSite Topics.PHP SQL Injection Vulnerability
2. MySQL Query Logging Bypass Vulnerability
3. Mozilla Thunderbird Multiple Remote Information Disclosure
Vulnerabilities
4. OpenSSH Remote PAM Denial Of Service Vulnerability
5. Flex Multiple Unspecified Vulnerabilities
6. NCP Secure Client Multiple Vulnerabilities
7. IRSSI DCC ACCEPT Denial of Service Vulnerability
8. Apache mod_python FileSession Code Execution Vulnerability
9. Linux Kernel XFS File System Local Information Disclosure
Vulnerability
10. Linux Kernel NFS Client Denial of Service Vulnerability
11. Linux Kernel sys_mbind System Call Local Denial of Service
Vulnerability
12. Linux Kernel ELF File Entry Point Denial of Service
Vulnerability
13. Kaspersky Anti-Virus Unspecified Denial Of Service
Vulnerability
14. WordPress User-Agent SQL Injection Vulnerability
15. Multiple Router Vendor Remote IRC Denial Of Service
Vulnerability
16. Linux Kernel die_if_kernel Local Denial of Service
Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. IPS HLBR 1.0 released (off-topic)
2. New SecurityFocus article published.
I. FRONT AND CENTER
---------------------
1. The big DRM mistake
By Scott Granneman
Digital Rights Management hurts paying customers, destroys Fair Use
rights, renders customers' investments worthless, and can always be
defeated. Why are consumers and publishers being forced to use DRM?
http://www.securityfocus.com/columnists/390
2. The value of vulnerabilities
By Jason Miller
There is value in finding vulnerabilities. Yet many people believe that
a vulnerability doesn't exist until it is disclosed to the public. We
know that vulnerabilities need to be disclosed, but what role do vendors
have in making these issues public?
http://www.securityfocus.com/columnists/391
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. PHPWebSite Topics.PHP SQL Injection Vulnerability
BugTraq ID: 16825
Remote: Yes
Date Published: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16825
Summary:
phpWebSite is prone to an SQL-injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
2. MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Date Published: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging-bypass vulnerability. This
issue is due to a discrepancy in the handling of NULL bytes in input
data.
This issue allows attackers to bypass the query-logging functionality
of the database so they can cause malicious SQL queries to be improperly
logged. This may help them hide the traces of malicious activity from
administrators.
This issue affects MySQL version 5.0.18; other versions may also be
affected.
3. Mozilla Thunderbird Multiple Remote Information Disclosure
Vulnerabilities
BugTraq ID: 16881
Remote: Yes
Date Published: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16881
Summary:
Mozilla Thunderbird is susceptible to multiple remote
information-disclosure vulnerabilities. These issues are due to the application's
failure to properly enforce the restriction for downloading remote content in
email messages.
These issues allow remote attackers to gain access to potentially
sensitive information, aiding them in further attacks. Attackers may also
exploit these issues to learn whether and when users read email messages.
Mozilla Thunderbird version 1.5 is vulnerable to these issues; other
versions may also be affected.
4. OpenSSH Remote PAM Denial Of Service Vulnerability
BugTraq ID: 16892
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16892
Summary:
OpenSSH is susceptible to a remote denial-of-service vulnerability.
This issue is due to a design flaw in handling connections when OpenSSH
is configured to use the OpenPAM authentication system.
This issue may be exploited by remote attackers to deny SSH service to
legitimate users.
OpenSSH in conjunction with OpenPAM on FreeBSD versions 5.3 and 5.4 is
affected by this issue. Other operating systems and versions may also
be affected.
5. Flex Multiple Unspecified Vulnerabilities
BugTraq ID: 16896
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16896
Summary:
Flex is reportedly prone to multiple unspecified security
vulnerabilities. The cause and impact of these issues are currently unknown.
Flex versions 2.5.31 and prior are vulnerable.
6. NCP Secure Client Multiple Vulnerabilities
BugTraq ID: 16906
Remote: Yes
Date Published: 2006-03-01
Relevant URL: http://www.securityfocus.com/bid/16906
Summary:
NCP Secure Client is susceptible to multiple vulnerabilities.
The following issues have been identified:
- Firewall rules designed to allow only specific applications to access
the network may be bypassed.
- Some applications are prone to local command-line-argument
buffer-overflow vulnerabilities.
- The VPN client is susceptible to a remote denial-of-service
vulnerability.
- The VPN client is susceptible to a local privilege-escalation
vulnerability.
These issues allow local attackers to gain SYSTEM-level privileges,
allowing them to completely compromise affected computers. Remote
attackers may consume excessive CPU resources, denying service to legitimate
users.
NCP Secure Client version 8.11 Build 146 on the Microsoft Windows
platform is vulnerable to these issues; other versions may also be affected.
7. IRSSI DCC ACCEPT Denial of Service Vulnerability
BugTraq ID: 16913
Remote: Yes
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16913
Summary:
The irssi client is prone to a denial-of-service vulnerability. The
issue occurs when handling malicious DCC transfers.
Versions 0.8.9 and 0.8.10rc5 of irssi are vulnerable; other versions
may also be affected.
8. Apache mod_python FileSession Code Execution Vulnerability
BugTraq ID: 16916
Remote: Yes
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16916
Summary:
Apache mod_python is prone to a code-execution vulnerability.
Presumably, this issue can be exploited remotely through a specially
crafted session cookie. However, conflicting details also suggest that
only local attackers can exploit this vulnerability. This information
will be updated when more details become available.
A successful attack may facilitate a remote compromise in the context
of the server. Local attacks may be possible as well.
9. Linux Kernel XFS File System Local Information Disclosure
Vulnerability
BugTraq ID: 16921
Remote: No
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16921
Summary:
The Linux kernel's XFS filesystem is susceptible to a local
information-disclosure vulnerability. This issue is due to a flaw in the filesystem
that may result in previously written data being returned to local
users.
This issue allows local malicious users to gain access to potentially
sensitive data, aiding them in further attacks.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
10. Linux Kernel NFS Client Denial of Service Vulnerability
BugTraq ID: 16922
Remote: No
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16922
Summary:
The Linux kernel NFS client is prone to a denial-of-service vulnerability.
An unprivileged local user can panic the NFS client and cause it
to fail.
This issue was addressed in Linux kernel 2.6.15.5; earlier versions are
vulnerable.
11. Linux Kernel sys_mbind System Call Local Denial of Service
Vulnerability
BugTraq ID: 16924
Remote: No
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16924
Summary:
The Linux kernel 'sys_mbind' system call is prone to a local
denial-of-service vulnerability. This issue is due to a lack of proper input
sanitization in the system call's arguments.
This issue allows local users to panic the kernel, denying further
service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.5.
12. Linux Kernel ELF File Entry Point Denial of Service Vulnerability
BugTraq ID: 16925
Remote: Yes
Date Published: 2006-03-02
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when
processing a malformed ELF file. This issue only occurs on Intel EM64T
processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
13. Kaspersky Anti-Virus Unspecified Denial Of Service Vulnerability
BugTraq ID: 16942
Remote: Yes
Date Published: 2006-03-03
Relevant URL: http://www.securityfocus.com/bid/16942
Summary:
Kaspersky Anti-Virus is prone to a denial of service vulnerability.
This is due to a failure in the application to handle unspecified files.
Attackers could cause the application to consume excessive CPU and
memory resources, resulting in a denial of service.
Versions 5.0.5 and 5.5.3 of Kaspersky Anti-Virus for Unix are
vulnerable to this issue; other versions and platforms may also be affected.
Further details about this vulnerability are currently unavailable.
This BID will be updated as more information is disclosed.
14. WordPress User-Agent SQL Injection Vulnerability
BugTraq ID: 16950
Remote: Yes
Date Published: 2006-03-04
Relevant URL: http://www.securityfocus.com/bid/16950
Summary:
WordPress is prone to an SQL injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in SQL queries.
Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an attacker to
exploit vulnerabilities in the underlying database implementation.
This issue affects WordPress version 1.5.2; prior versions may also be
affected.
15. Multiple Router Vendor Remote IRC Denial Of Service Vulnerability
BugTraq ID: 16954
Remote: Yes
Date Published: 2006-03-04
Relevant URL: http://www.securityfocus.com/bid/16954
Summary:
Linksys and Netgear routers are susceptible to a remote IRC denial of
service vulnerability. This issue is due to a failure of the devices to
properly handle unexpected network traffic.
This issue allows remote attackers to disconnect IRC sessions, denying
service to legitimate users.
Linksys WRT54G routers are vulnerable to this issue. Routers running
the VxWorks-based operating system, and not the Linux-based
operating systems, are reportedly affected. Specific device and firmware version
information is not currently available. This BID will be updated as
further information is disclosed.
16. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
BugTraq ID: 16993
Remote: No
Date Published: 2006-03-05
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue is due to a design error and arises in the 'die_if_kernel()'
function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.6 running on
Itanium systems.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. IPS HLBR 1.0 released (off-topic)
http://www.securityfocus.com/archive/91/426920
2. New SecurityFocus article published.
http://www.securityfocus.com/archive/91/426453