Date: Tue, 21 Mar 2006 17:07:50 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #278
SecurityFocus Linux Newsletter #278
----------------------------------------

This Issue is Sponsored By: Cambia

Automate IT Security Compliance Now
Free white paper demonstrates how you can eliminate manual, 
time-consuming project-based compliance using continuous security compliance 
software. Save time leveraging this FREE white paper.

http://a.gklmedia.com/sfln/nl/125

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Encryption for the masses
        2. Social engineering reloaded
II.  LINUX VULNERABILITY SUMMARY
        1. Firebird Local Inet_Server Buffer Overflow Vulnerability
        2. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
        3. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
        4. Ubuntu Linux Local Installation Password Disclosure Vulnerability
        5. CrossFire SetUp Remote Buffer Overflow Vulnerability
        6. Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities
        7. Drupal Multiple Input Validation Vulnerabilities
        8. Macromedia Flash Multiple Unspecified Security Vulnerabilities
        9. Linux Kernel IP ID Information Disclosure Weakness
        10. Debian GNU/Linux Local Information Disclosure Vulnerability
        11. Zoo Parse.c Local Buffer Overflow Vulnerability
        12. PHPWebSite Multiple SQL Injection Vulnerabilities
        13. cURL / libcURL TFTP URL Parser Buffer Overflow Vulnerability
        14. X.Org X Window Server Local Privilege Escalation Vulnerability
        15. FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability
        16. Linux Kernel Netfilter Do_Replace Remote Buffer Overflow Vulnerability
        17. RunIt CHPST Privilege Escalation Vulnerability
        18. Util-VServer Unknown Linux Capabilities Vulnerability
III. LINUX FOCUS LIST SUMMARY
        1. Libnids
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Encryption for the masses
By Kelly Martin
File and disk encryption needs to be simple and easy if it's going to 
be used. This article looks at Apple's FileVault and takes a sneak peek 
at what's coming in Windows Vista.
http://www.securityfocus.com/columnists/393

2. Social engineering reloaded
By Sarah Granger
The purpose of this article is to go beyond the basics and explore how 
social engineering, employed as technology, has evolved over the past 
few years. A case study of a typical Fortune 1000 company will be 
discussed, putting emphasis on the importance of education about social 
engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860


II.  LINUX VULNERABILITY SUMMARY
------------------------------------
1. Firebird Local Inet_Server Buffer Overflow Vulnerability
BugTraq ID: 17077
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17077
Summary:
Firebird is susceptible to a local buffer-overflow vulnerability. This 
issue is due to the application's failure to properly check boundaries 
of user-supplied command-line argument data before copying it to an 
insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary machine code with 
elevated privileges, because the affected binaries are often installed 
with setuid privileges.

2. Linux Kernel ATM Module Inconsistent Reference Counts Denial of Service Vulnerability
BugTraq ID: 17078
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17078
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

This vulnerability affects the ATM module and allows local users to 
panic the kernel by creating inconsistent reference counts, denying 
further service to legitimate users.

This issue affects Linux kernel versions prior to 2.6.14.

3. Linux Kernel Security Key Functions Local Copy_To_User Race Vulnerability
BugTraq ID: 17084
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition vulnerability 
in its security-key functionality. The race allows attackers to modify 
an argument of a copy operation after it has been validated, but before 
it is used.

This vulnerability allows local attackers to crash the kernel, denying 
service to legitimate users. It may also allow attackers to read 
portions of kernel memory, and thus gain access to potentially sensitive 
information. This may aid them in further attacks.

4. Ubuntu Linux Local Installation Password Disclosure Vulnerability
BugTraq ID: 17086
Remote: No
Date Published: 2006-03-12
Relevant URL: http://www.securityfocus.com/bid/17086
Summary:
Ubuntu Linux is susceptible to a local password-disclosure 
vulnerability. This issue is due to the installation system improperly storing 
cleartext passwords in world-readable files.

This issue allows local attackers to gain access to the user account 
that was created during the initial installation of Ubuntu. Since this 
user is granted 'sudo' access to the superuser account, this potentially 
allows local attackers to completely compromise affected computers.

5. CrossFire SetUp Remote Buffer Overflow Vulnerability
BugTraq ID: 17093
Remote: Yes
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17093
Summary:
CrossFire is prone to a remote buffer-overflow vulnerability. This can 
facilitate a remote compromise due to arbitrary code execution.

CrossFire 1.9.0 and prior versions are vulnerable.

6. Veritas Backup Exec Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 17098
Remote: Yes
Date Published: 2006-03-17
Relevant URL: http://www.securityfocus.com/bid/17098
Summary:
Veritas Backup Exec is prone to multiple remote denial-of-service 
vulnerabilities.

These issues result in memory violations and memory exhaustion and lead 
to denial-of-service conditions in the affected applications. A restart 
is required to regain normal functionality in most cases.

Various versions of Backup Exec for Windows, Linux, and Netware are 
vulnerable.

7. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 17104
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17104
Summary:
Drupal is prone to multiple input-validation vulnerabilities. These 
issues are due to a failure in the application to properly sanitize 
user-supplied input.

An attacker may leverage these issues to:

- have arbitrary script code executed in the browser of an 
unsuspecting user in the context of the affected site
- access sensitive information
- hijack user sessions
- use a vulnerable Drupal installation as an email relay.

8. Macromedia Flash Multiple Unspecified Security Vulnerabilities
BugTraq ID: 17106
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17106
Summary:
The Macromedia Flash plug-in is susceptible to multiple unspecified 
vulnerabilities.

An attacker can potentially exploit these vulnerabilities to execute 
arbitrary code. The most likely vector of attack is through a malicious 
SWF file that has been designed to trigger the vulnerability and has 
been placed on a website. A denial-of-service condition may also occur.

Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are 
vulnerable to these issues.

9. Linux Kernel IP ID Information Disclosure Weakness
BugTraq ID: 17109
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is susceptible to a remote information-disclosure 
weakness. This issue is due to a flaw in the implementation of the 
zero 'ip_id' countermeasure against information disclosure.

This issue allows remote attackers to use affected computers in stealth 
network port and trust scans.

The Linux kernel 2.6 series, as well as some kernels in the 2.4 series, 
are affected by this weakness.

10. Debian GNU/Linux Local Information Disclosure Vulnerability
BugTraq ID: 17122
Remote: No
Date Published: 2006-03-15
Relevant URL: http://www.securityfocus.com/bid/17122
Summary:
Debian GNU/Linux is susceptible to a local information-disclosure 
vulnerability. This issue is due to the installation system improperly 
storing sensitive information in world-readable files.

This issue allows local users to gain access to sensitive information 
that may aid them in further attacks. If the affected computer was 
installed using an automated installation process, the pre-seeded superuser 
password may be available to attackers, facilitating the complete 
compromise of the computer.

11. Zoo Parse.c Local Buffer Overflow Vulnerability
BugTraq ID: 17126
Remote: No
Date Published: 2006-03-16
Relevant URL: http://www.securityfocus.com/bid/17126
Summary:
Zoo is prone to a local buffer-overflow vulnerability. This issue is 
due to a failure in the application to do proper bounds checking on 
user-supplied data before using it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code in the 
context of the victim user running the affected application to potentially 
gain elevated privileges.

12. PHPWebSite Multiple SQL Injection Vulnerabilities
BugTraq ID: 17150
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17150
Summary:
phpWebSite is prone to multiple SQL-injection vulnerabilities. These 
issues are due to a failure in the application to properly sanitize 
user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the 
application, access or modify data, or exploit vulnerabilities in the 
underlying database implementation.

13. cURL / libcURL TFTP URL Parser Buffer Overflow Vulnerability
BugTraq ID: 17154
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17154
Summary:
cURL and libcURL are prone to a buffer-overflow vulnerability. This 
issue is due to a failure in the library to perform proper bounds checks 
on user-supplied data before using it in a finite-sized buffer.

The issue occurs when the URL parser handles an excessively long URL 
string with a TFTP protocol prefix 'tftp://'.

An attacker can exploit this issue to crash the affected library, 
effectively denying service. Arbitrary code execution may also be possible, 
which may facilitate a compromise of the underlying system.

14. X.Org X Window Server Local Privilege Escalation Vulnerability
BugTraq ID: 17169
Remote: No
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17169
Summary:
The X.Org X Window server is prone to a privilege-escalation 
vulnerability.

A local attacker can exploit this issue to load arbitrary modules and 
execute them or overwrite arbitrary files with superuser privileges. 
This may facilitate a complete compromise of the affected computer.

15. FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability
BugTraq ID: 17171
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17171
Summary:
FreeRADIUS is prone to an authentication-bypass vulnerability. The 
issue exists in the EAP-MSCHAPv2 state machine. Bypassing authentication 
could also cause the server to crash.

FreeRADIUS versions from 1.0.0 to 1.1.0 are vulnerable.

16. Linux Kernel Netfilter Do_Replace Remote Buffer Overflow Vulnerability
BugTraq ID: 17178
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
The Linux kernel is susceptible to a remote buffer-overflow 
vulnerability. This issue is due to the kernel's failure to properly bounds-check 
user-supplied input before using it in a memory copy operation.

This issue allows remote attackers to overwrite kernel memory with 
arbitrary data, potentially allowing them to execute malicious machine code 
in the context of affected kernels. This vulnerability facilitates the 
complete compromise of affected computers.

Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by 
this issue.

17. RunIt CHPST Privilege Escalation Vulnerability
BugTraq ID: 17179
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17179
Summary:
Runit is susceptible to a local privilege-escalation vulnerability. 
This issue is due to a flaw in the 'chpst' utility that results in 
programs gaining unintended, elevated group privileges.

This issue will have varying consequences depending on the nature of 
programs executed by the affected utility. Attackers exploiting latent 
vulnerabilities in applications may gain access to elevated group 
privileges.

Runit versions prior to 1.4.1 are affected by this issue. This affects 
only packages that are compiled with 16-bit gid_t types (such as when 
compiled with dietlibc).

18. Util-VServer Unknown Linux Capabilities Vulnerability
BugTraq ID: 17180
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17180
Summary:
The util-vserver package for the Linux-VServer project is susceptible 
to an unknown Linux capability vulnerability. The package fails to 
properly handle unknown Linux capabilities.

The exact consequences of this issue are currently unknown. They depend 
on the nature of the unknown capabilities and on the nature of the 
applications that use them. Hosted virtual servers may possibly gain 
inappropriate access to the hosting operating system.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Libnids
http://www.securityfocus.com/archive/91/428026

V.   SPONSOR INFORMATION
------------------------