Date: Tue, 21 Mar 2006 17:07:50 -0700
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #278
SecurityFocus Linux Newsletter #278
----------------------------------------
This Issue is Sponsored By: Cambia
Automate IT Security Compliance Now
Free white paper demonstrates how you can eliminate manual,
time-consuming project-based compliance using continuous security compliance
software. Save time leveraging this FREE white paper.
http://a.gklmedia.com/sfln/nl/125
------------------------------------------------------------------
I. FRONT AND CENTER
1. Encryption for the masses
2. Social engineering reloaded
II. LINUX VULNERABILITY SUMMARY
1. Firebird Local Inet_Server Buffer Overflow Vulnerability
2. Linux Kernel ATM Module Inconsistent Reference Counts Denial
of Service Vulnerability
3. Linux Kernel Security Key Functions Local Copy_To_User Race
Vulnerability
4. Ubuntu Linux Local Installation Password Disclosure
Vulnerability
5. CrossFire SetUp Remote Buffer Overflow Vulnerability
6. Veritas Backup Exec Multiple Remote Denial of Service
Vulnerabilities
7. Drupal Multiple Input Validation Vulnerabilities
8. Macromedia Flash Multiple Unspecified Security
Vulnerabilities
9. Linux Kernel IP ID Information Disclosure Weakness
10. Debian GNU/Linux Local Information Disclosure Vulnerability
11. Zoo Parse.c Local Buffer Overflow Vulnerability
12. PHPWebSite Multiple SQL Injection Vulnerabilities
13. cURL / libcURL TFTP URL Parser Buffer Overflow
Vulnerability
14. X.Org X Window Server Local Privilege Escalation
Vulnerability
15. FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability
16. Linux Kernel Netfilter Do_Replace Remote Buffer Overflow
Vulnerability
17. RunIt CHPST Privilege Escalation Vulnerability
18. Util-VServer Unknown Linux Capabilities Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Libnids
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Encryption for the masses
By Kelly Martin
File and disk encryption needs to be simple and easy if it's going to
be used. This article looks at Apple's FileVault and takes a sneak peek
at what's coming in Windows Vista.
http://www.securityfocus.com/columnists/393
2. Social engineering reloaded
By Sarah Granger
The purpose of this article is to go beyond the basics and explore how
social engineering, employed as technology, has evolved over the past
few years. A case study of a typical Fortune 1000 company will be
discussed, putting emphasis on the importance of education about social
engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Firebird Local Inet_Server Buffer Overflow Vulnerability
BugTraq ID: 17077
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17077
Summary:
Firebird is susceptible to a local buffer-overflow vulnerability. This
issue is due to the application's failure to properly check boundaries
of user-supplied command-line argument data before copying it to an
insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary machine code with
elevated privileges, because the affected binaries are often installed
with setuid privileges.
2. Linux Kernel ATM Module Inconsistent Reference Counts Denial of
Service Vulnerability
BugTraq ID: 17078
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17078
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This vulnerability affects the ATM module and allows local users to
panic the kernel by creating inconsistent reference counts, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.14.
3. Linux Kernel Security Key Functions Local Copy_To_User Race
Vulnerability
BugTraq ID: 17084
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17084
Summary:
The Linux kernel is susceptible to a local race-condition vulnerability
in its security-key functionality. This issue is due to a race
condition that allows attackers to modify an argument of a copy operation after
it has been validated, but before it is used.
This vulnerability allows local attackers to crash the kernel, denying
service to legitimate users. It may also allow attackers to read
portions of kernel memory, and thus gain access to potentially sensitive
information. This may aid them in further attacks.
4. Ubuntu Linux Local Installation Password Disclosure Vulnerability
BugTraq ID: 17086
Remote: No
Date Published: 2006-03-12
Relevant URL: http://www.securityfocus.com/bid/17086
Summary:
Ubuntu Linux is susceptible to a local password-disclosure
vulnerability. This issue is due to the installation system improperly storing
cleartext passwords in world-readable files.
This issue allows local attackers to gain access to the user account
that was created during the initial installation of Ubuntu. Since this
user is granted 'sudo' access to the superuser account, this potentially
allows local attackers to completely compromise affected computers.
5. CrossFire SetUp Remote Buffer Overflow Vulnerability
BugTraq ID: 17093
Remote: Yes
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17093
Summary:
CrossFire is prone to a remote buffer-overflow vulnerability. This can
facilitate a remote compromise due to arbitrary code execution.
CrossFire 1.9.0 and prior versions are vulnerable.
6. Veritas Backup Exec Multiple Remote Denial of Service
Vulnerabilities
BugTraq ID: 17098
Remote: Yes
Date Published: 2006-03-17
Relevant URL: http://www.securityfocus.com/bid/17098
Summary:
Veritas Backup Exec is prone to multiple remote denial-of-service
vulnerabilities.
These issues result in memory violations and memory exhaustion and lead
to denial-of-service conditions in the affected applications. A restart
is required to regain normal functionality in most cases.
Various versions of Backup Exec for Windows, Linux, and Netware are
vulnerable.
7. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 17104
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17104
Summary:
Drupal is prone to multiple input-validation vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage these issues to:
- have arbitrary script code executed in the browser of an
unsuspecting user in the context of the affected site
- access sensitive information
- hijack user sessions
- use a vulnerable Drupal installation as an email relay.
8. Macromedia Flash Multiple Unspecified Security Vulnerabilities
BugTraq ID: 17106
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17106
Summary:
The Macromedia Flash plug-in is susceptible to multiple unspecified
vulnerabilities.
An attacker can potentially exploit these vulnerabilities to execute
arbitrary code. The most likely vector of attack is through a malicious
SWF file that has been designed to trigger the vulnerability and has
been placed on a website. A denial-of-service condition may also occur.
Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are
vulnerable to these issues.
9. Linux Kernel IP ID Information Disclosure Weakness
BugTraq ID: 17109
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is susceptible to a remote information-disclosure
weakness. This issue is due to an implementation flaw of a zero 'ip_id'
information-disclosure countermeasure.
This issue allows remote attackers to use affected computers in stealth
network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4 series,
are affected by this weakness.
10. Debian GNU/Linux Local Information Disclosure Vulnerability
BugTraq ID: 17122
Remote: No
Date Published: 2006-03-15
Relevant URL: http://www.securityfocus.com/bid/17122
Summary:
Debian GNU/Linux is susceptible to a local information-disclosure
vulnerability. This issue is due to the installation system improperly
storing sensitive information in world-readable files.
This issue allows local users to gain access to sensitive information
that may aid them in further attacks. If the affected computer was
installed using an automated installation process, the pre-seeded superuser
password may be available to attackers, facilitating the complete
compromise of the computer.
11. Zoo Parse.c Local Buffer Overflow Vulnerability
BugTraq ID: 17126
Remote: No
Date Published: 2006-03-16
Relevant URL: http://www.securityfocus.com/bid/17126
Summary:
Zoo is prone to a local buffer-overflow vulnerability. This issue is
due to a failure in the application to do proper bounds checking on
user-supplied data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code in the
context of the victim user running the affected application to potentially
gain elevated privileges.
12. PHPWebSite Multiple SQL Injection Vulnerabilities
BugTraq ID: 17150
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17150
Summary:
phpWebSite is prone to multiple SQL-injection vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input before using it in SQL queries.
A successful exploit could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
13. cURL / libcURL TFTP URL Parser Buffer Overflow Vulnerability
BugTraq ID: 17154
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17154
Summary:
cURL and libcURL are prone to a buffer-overflow vulnerability. This
issue is due to a failure in the library to perform proper bounds checks
on user-supplied data before using it in a finite-sized buffer.
The issue occurs when the URL parser handles an excessively long URL
string with a TFTP protocol prefix 'tftp://'.
An attacker can exploit this issue to crash the affected library,
effectively denying service. Arbitrary code execution may also be possible,
which may facilitate a compromise of the underlying system.
14. X.Org X Window Server Local Privilege Escalation Vulnerability
BugTraq ID: 17169
Remote: No
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17169
Summary:
The X.Org X Window server is prone to a privilege-escalation
vulnerability.
A local attacker can exploit this issue to load arbitrary modules and
execute them or overwrite arbitrary files with superuser privileges.
This may facilitate a complete compromise of the affected computer.
15. FreeRADIUS EAP-MSCHAPv2 Authentication Bypass Vulnerability
BugTraq ID: 17171
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17171
Summary:
FreeRADIUS is prone to an authentication-bypass vulnerability. The
issue exists in the EAP-MSCHAPv2 state machine. Bypassing authentication
could also cause the server to crash.
FreeRADIUS versions from 1.0.0 to 1.1.0 are vulnerable.
16. Linux Kernel Netfilter Do_Replace Remote Buffer Overflow
Vulnerability
BugTraq ID: 17178
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
The Linux kernel is susceptible to a remote buffer-overflow
vulnerability. This issue is due to the kernel's failure to properly bounds-check
user-supplied input before using it in a memory copy operation.
This issue allows remote attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious machine code
in the context of affected kernels. This vulnerability facilitates the
complete compromise of affected computers.
Linux kernel versions prior to 2.6.16 in the 2.6 series are affected by
this issue.
17. RunIt CHPST Privilege Escalation Vulnerability
BugTraq ID: 17179
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17179
Summary:
Runit is susceptible to a local privilege-escalation vulnerability.
This issue is due to a flaw in the 'chpst' utility that results in
programs gaining unintended, elevated group privileges.
This issue will have varying consequences depending on the nature of
programs executed by the affected utility. Attackers exploiting latent
vulnerabilities in applications may gain access to elevated group
privileges.
Runit versions prior to 1.4.1 are affected by this issue. This affects
only packages that are compiled with 16-bit gid_t types (such as when
compiled with dietlibc).
18. Util-VServer Unknown Linux Capabilities Vulnerability
BugTraq ID: 17180
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17180
Summary:
The util-vserver package for the Linux-VServer project is susceptible
to an unknown Linux capability vulnerability. The package fails to
properly handle unknown Linux capabilities.
The exact consequences of this issue are currently unknown. They depend
on the nature of the unknown capabilities and on the nature of the
applications that use them. Hosted virtual servers may possibly gain
inappropriate access to the hosting operating system.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Libnids
http://www.securityfocus.com/archive/91/428026
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Cambia