Date: Wed, 15 Mar 2006 17:02:05 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #277
SecurityFocus Linux Newsletter #277
----------------------------------------
I. FRONT AND CENTER
1. Human rights and wrongs online
2. Social engineering reloaded
II. LINUX VULNERABILITY SUMMARY
1. Freeciv Remote Denial Of Service Vulnerability
2. Sauerbraten Multiple Remote Vulnerabilities
3. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
4. Lurker Multiple Input Validation Vulnerabilities
5. Red Hat Initscripts Local Privilege Escalation Vulnerability
6. Retired - KPDF Multiple Unspecified Vulnerabilities
7. Peercast.org PeerCast Remote Buffer Overflow Vulnerability
8. Kerio MailServer Remote Denial of Service Vulnerability
9. GnuPG Incorrect Non-Detached Signature Verification Vulnerability
10. Firebird Local Inet_Server Buffer Overflow Vulnerability
11. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
12. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
13. Ubuntu Linux Local Installation Password Disclosure Vulnerability
14. Drupal Multiple Input Validation Vulnerabilities
15. Linux Kernel IP ID Information Disclosure Weakness
III. LINUX FOCUS LIST SUMMARY
1. IPS HLBR 1.0 released (off-topic)
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Human rights and wrongs online
By Mark Rasch
A government's position on censorship used to protect its citizenry is
dictated by who they are. The well-popularized censorship of Internet
content in China by Google and other big players, and criticism of this
by the U.S. government, is really just the tip of the iceberg.
http://www.securityfocus.com/columnists/392
2. Social engineering reloaded
By Sarah Granger
The purpose of this article is to go beyond the basics and explore how
social engineering, employed as technology, has evolved over the past
few years. A case study of a typical Fortune 1000 company will be
discussed, putting emphasis on the importance of education about social
engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Freeciv Remote Denial Of Service Vulnerability
BugTraq ID: 16975
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16975
Summary:
The Freeciv game server is reported prone to a remote denial-of-service
vulnerability.
A remote attacker may exploit this issue to deny service for legitimate
users.
2. Sauerbraten Multiple Remote Vulnerabilities
BugTraq ID: 16986
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16986
Summary:
Sauerbraten is susceptible to multiple remote vulnerabilities:
- A buffer-overflow issue that affects both clients and servers.
- An invalid memory-access, denial-of-service issue that affects both
clients and servers.
- An invalid memory-access, denial-of-service issue that affects
servers.
- An invalid map-file-processing, denial-of-service issue that affects
clients.
These issues allow remote attackers to execute arbitrary machine code
in the context of an affected application. Attackers may also crash both
clients and servers, denying service to legitimate users.
3. Linux Kernel die_if_kernel Local Denial of Service Vulnerability
BugTraq ID: 16993
Remote: No
Date Published: 2006-03-05
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue is due to a design error and arises in the 'die_if_kernel()'
function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.6 running on
Itanium systems.
4. Lurker Multiple Input Validation Vulnerabilities
BugTraq ID: 17003
Remote: Yes
Date Published: 2006-03-07
Relevant URL: http://www.securityfocus.com/bid/17003
Summary:
Lurker is prone to multiple input-validation vulnerabilities. These
issues are due to failures in the application to properly sanitize
user-supplied input.
An attacker may leverage these issues to retrieve arbitrary files,
overwrite arbitrary files, and have arbitrary script code executed in the
browser of an unsuspecting user, all in the context of the affected
site. This may facilitate a compromise of the application and the theft of
cookie-based authentication credentials as well as other attacks.
5. Red Hat Initscripts Local Privilege Escalation Vulnerability
BugTraq ID: 17038
Remote: No
Date Published: 2006-03-08
Relevant URL: http://www.securityfocus.com/bid/17038
Summary:
The 'initscripts' package is prone to a local privilege-escalation
vulnerability.
The vulnerability presents itself because the application fails to
properly sanitize malicious data supplied through environment variables.
An attacker may exploit this issue to execute arbitrary commands with
superuser privileges.
6. Retired - KPDF Multiple Unspecified Vulnerabilities
BugTraq ID: 17039
Remote: Yes
Date Published: 2006-03-08
Relevant URL: http://www.securityfocus.com/bid/17039
Summary:
The 'kpdf' utility is prone to multiple unspecified security
vulnerabilities. The cause and impact of these issues are currently unknown.
All versions of kpdf are considered vulnerable at the moment. This BID
will update when more information becomes available.
These issues may be related to previously addressed issues in xpdf, an
application sharing a common codebase with kpdf, but were missed in
previous updates.
This issue is an extension of the issue discussed in BID 16143 (KPdf
and KWord Multiple Unspecified Buffer and Integer Overflow
Vulnerabilities) and is therefore being retired.
7. Peercast.org PeerCast Remote Buffer Overflow Vulnerability
BugTraq ID: 17040
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17040
Summary:
PeerCast is prone to a remote buffer-overflow vulnerability. This can
facilitate a remote compromise due to arbitrary code execution.
PeerCast 0.1215 and prior versions are vulnerable.
8. Kerio MailServer Remote Denial of Service Vulnerability
BugTraq ID: 17043
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17043
Summary:
Kerio MailServer is prone to a remote denial-of-service vulnerability.
This issue affects Kerio MailServer versions 6.1.3 and prior.
9. GnuPG Incorrect Non-Detached Signature Verification Vulnerability
BugTraq ID: 17058
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17058
Summary:
GnuPG is prone to a vulnerability involving incorrect verification of
non-detached signatures.
A successful attack can allow an attacker to simply take a signed
message and inject arbitrary data into it and bypass verification.
Note that this issue also affects verification of signatures embedded
in encrypted messages. Scripts and applications using gpg are affected,
as are applications using the GPGME library.
GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.
10. Firebird Local Inet_Server Buffer Overflow Vulnerability
BugTraq ID: 17077
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17077
Summary:
Firebird is susceptible to a local buffer-overflow vulnerability. This
issue is due to the application's failure to properly check boundaries
of user-supplied command-line argument data before copying it to an
insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code with
elevated privileges, because the affected binaries are often installed
with setuid privileges.
11. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
BugTraq ID: 17078
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17078
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This vulnerability affects the ATM module and allows local users to
panic the kernel by creating inconsistent reference counts, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.14.
12. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
BugTraq ID: 17084
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition vulnerability
in its security-key functionality. This issue is due to a race
condition that allows attackers to modify an argument of a copy operation after
it has been validated, but before it is used.
This vulnerability allows local attackers to crash the kernel, denying
service to legitimate users. It may also allow attackers to read
portions of kernel memory, and thus gain access to potentially sensitive
information. This may aid them in further attacks.
13. Ubuntu Linux Local Installation Password Disclosure Vulnerability
BugTraq ID: 17086
Remote: No
Date Published: 2006-03-12
Relevant URL: http://www.securityfocus.com/bid/17086
Summary:
Ubuntu Linux is susceptible to a local password-disclosure
vulnerability. This issue is due to the installation system improperly storing
cleartext passwords in world-readable files.
This issue allows local attackers to gain access to the user account
that was created during the initial installation of Ubuntu. Since this
user is granted 'sudo' access to the superuser account, this potentially
allows local attackers to completely compromise affected computers.
14. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 17104
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17104
Summary:
Drupal is prone to multiple input validation vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site, disclose sensitive information, hijack user sessions and
utilize a vulnerable Drupal installation as an email relay.
15. Linux Kernel IP ID Information Disclosure Weakness
BugTraq ID: 17109
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is susceptible to a remote information disclosure
weakness. This issue is due to an implementation flaw of a zero IP ID
information disclosure countermeasure.
This issue allows remote attackers to utilize affected computers in
stealth network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4 series,
are affected by this weakness.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. IPS HLBR 1.0 released (off-topic)
http://www.securityfocus.com/archive/91/426920
V. SPONSOR INFORMATION
------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - SPI Dynamics
White Paper
It's as simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
Firewalls and IDS will not stop such attacks because SQL Injections are NOT
seen as intruders. Download this *FREE* white paper from SPI Dynamics for
a complete guide to protection!
https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70130000000C543