Date: Tue, 04 Apr 2006 12:45:23 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #280
SecurityFocus Linux Newsletter #280
----------------------------------------
Test your Network Security Free with QualysGuard
Requiring NO software, QualysGuard will safely and accurately test your
network and provide you with the necessary fixes to proactively guard
your network. Try QualysGuard Risk Free with No Obligation.
http://www.securityfocus.com/cgi-bin/ib.pl
------------------------------------------------------------------
I. FRONT AND CENTER
1. Two attacks against VoIP
2. Open source security testing methodology
3. This Means Warcraft!
II. LINUX VULNERABILITY SUMMARY
1. Vavoom Multiple Denial of Service Vulnerabilities
2. MediaWiki Encoded Page Link HTML Injection Vulnerability
3. Noah Grey Greymatter Arbitrary File Upload Vulnerability
4. Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability
5. Horde Help Viewer Remote PHP Code Execution Vulnerability
6. FreeRadius RLM_SQLCounter SQL Injection Vulnerability
7. Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability
8. DIA XFIG File Import Multiple Remote Buffer Overflow Vulnerabilities
9. GNU Mailman Attachment Scrubber Malformed MIME Message Denial Of Service Vulnerability
10. Samba Machine Trust Account Local Information Disclosure Vulnerability
11. BusyBox Insecure Password Hash Weakness
12. Util-VServer SUEXEC Privilege Escalation Weakness
13. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
14. MPG123 Malformed MP3 File Memory Corruption Vulnerability
15. HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability
16. Kaffeine Remote HTTP_Peek Buffer Overflow Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. IPtables and C programming??
2. Systrace 1.6: Phoenix Release for Linux
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Two attacks against VoIP
By Peter Thermos
The purpose of this article is to discuss two of the most well-known
attacks that can be carried out in current VoIP deployments. The first
attack demonstrates the ability to hijack a user's VoIP subscription and
subsequent communications. The second attack looks at the ability to
eavesdrop on VoIP communications.
http://www.securityfocus.com/infocus/1862
2. Open source security testing methodology
By Federico Biancuzzi
Truth is made of numbers. Following this golden rule, Federico
Biancuzzi interviewed Pete Herzog, founder of ISECOM and creator of the
OSSTMM, to talk about the upcoming revision 3.0 of the Open Source
Security Testing Methodology Manual. He discusses why we need a testing
methodology, why it should be open source, the value of certifications,
and plans for a new vulnerability scanner developed with a different
approach than Nessus.
http://www.securityfocus.com/columnists/395
3. This Means Warcraft!
By Mark Rasch
A recent World of Warcraft case involved a WoW book by Brian Knopp that
was being sold on eBay. It resulted in automated takedown notices by
"lawyerbots" and shows how the legal process today can end up silencing
legitimate uses of trademarks and copyrights.
http://www.securityfocus.com/columnists/396
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Vavoom Multiple Denial of Service Vulnerabilities
BugTraq ID: 17261
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17261
Summary:
Vavoom is prone to two denial-of-service vulnerabilities. These issues
can cause the application to stop responding or fail.
Vavoom 1.19.1 and earlier are affected.
2. MediaWiki Encoded Page Link HTML Injection Vulnerability
BugTraq ID: 17269
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17269
Summary:
MediaWiki is prone to an HTML-injection vulnerability. This issue is
due to a lack of proper sanitization of user-supplied input before using
it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context
of the affected website, potentially allowing an attacker to steal
cookie-based authentication credentials. An attacker could also exploit
this issue to control how the site is rendered to the user; other attacks
are also possible.
3. Noah Grey Greymatter Arbitrary File Upload Vulnerability
BugTraq ID: 17271
Remote: Yes
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17271
Summary:
Greymatter is prone to an arbitrary file-upload vulnerability.
An attacker can exploit this vulnerability to upload arbitrary code and
execute it in the context of the webserver process. This may facilitate
unauthorized access or privilege escalation; other attacks are also
possible.
4. Debian GNU/Linux Multiple Packages Insecure RUNPATH Vulnerability
BugTraq ID: 17288
Remote: No
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17288
Summary:
Multiple packages in Debian GNU/Linux are susceptible to an insecure
RUNPATH vulnerability. This issue is due to a flaw in the build system
that results in insecure RUNPATHs being included in certain binaries.
This vulnerability may result in arbitrary code being executed in the
context of users who run the vulnerable executables. This may facilitate
privilege escalation.
5. Horde Help Viewer Remote PHP Code Execution Vulnerability
BugTraq ID: 17292
Remote: Yes
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17292
Summary:
Horde is prone to a remote PHP code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary malicious PHP
code in the context of the webserver process. This may help the
attacker compromise the application and the underlying system; other
attacks are also possible.
Horde versions 3.0 up to 3.0.9 and 3.1.0 are vulnerable; other versions
may also be affected.
6. FreeRadius RLM_SQLCounter SQL Injection Vulnerability
BugTraq ID: 17294
Remote: Yes
Date Published: 2006-03-28
Relevant URL: http://www.securityfocus.com/bid/17294
Summary:
FreeRADIUS is prone to an SQL-injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
7. Tetris-BSD Tetris-bsd.scores Local Privilege Escalation Vulnerability
BugTraq ID: 17308
Remote: No
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17308
Summary:
Tetris-BSD is prone to a local privilege-escalation vulnerability. The
issue results from a design error.
A local attacker can leverage this issue to exploit latent
vulnerabilities in applications by overwriting shared game data files.
8. DIA XFIG File Import Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 17310
Remote: Yes
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17310
Summary:
Dia is affected by multiple remote buffer-overflow vulnerabilities.
These issues are due to the application's failure to properly bounds-check
user-supplied input before copying it into insufficiently sized memory
buffers.
These issues allow remote attackers to execute arbitrary machine code
in the context of the user who opens an attacker-supplied malicious
XFig file with the affected application.
9. GNU Mailman Attachment Scrubber Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 17311
Remote: Yes
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17311
Summary:
GNU Mailman is prone to denial-of-service attacks. This issue affects
the attachment-scrubber utility.
The vulnerability could be triggered by mailing-list posts and will
affect the availability of mailing lists hosted by the application.
This issue presents itself only when Mailman is used in conjunction
with Python email version 2.5.
10. Samba Machine Trust Account Local Information Disclosure Vulnerability
BugTraq ID: 17314
Remote: No
Date Published: 2006-03-30
Relevant URL: http://www.securityfocus.com/bid/17314
Summary:
Samba is susceptible to a local information-disclosure vulnerability.
This issue is due to a design error that potentially leads to sensitive
information being written to log files. This occurs when the debugging
level has been set to 5 or higher.
This issue allows local attackers to gain access to the machine trust
account of affected computers. Attackers may then impersonate the
affected server in the domain. By impersonating the member server, attackers
may gain access to further sensitive information, including the users
and groups in the domain; other information may also be available. This
may aid attackers in further attacks.
Samba versions 3.0.21 through 3.0.21c that use the 'winbindd' daemon
are susceptible to this issue.
11. BusyBox Insecure Password Hash Weakness
BugTraq ID: 17330
Remote: Yes
Date Published: 2006-03-31
Relevant URL: http://www.securityfocus.com/bid/17330
Summary:
BusyBox is susceptible to an insecure password-hash weakness. This
issue is due to a design flaw that results in password hashes being
created in an insecure manner.
This issue allows attackers to use precomputed password hashes in
brute-force attacks if they can obtain the password hashes by some
other means (such as exploiting another vulnerability).
12. Util-VServer SUEXEC Privilege Escalation Weakness
BugTraq ID: 17361
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17361
Summary:
The util-vserver package for the Linux-VServer project is susceptible
to a privilege-escalation weakness.
This issue allows remote attackers that exploit latent vulnerabilities
in services to potentially gain superuser privileges in a guest virtual
server. This may aid them in further attacks.
13. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
BugTraq ID: 17362
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17362
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied
input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based authentication
credentials and launch other attacks.
14. MPG123 Malformed MP3 File Memory Corruption Vulnerability
BugTraq ID: 17365
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17365
Summary:
The mpg123 application is prone to a memory-corruption vulnerability
related to the handling of MP3 streams.
An attacker may be able to exploit this vulnerability to execute
arbitrary code in the context of the user running the player, but this has
not been confirmed.
This issue may be related to the one described in BID 12218 (MPG123
Layer 2 Frame Header Heap Overflow Vulnerability).
15. HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability
BugTraq ID: 17367
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17367
Summary:
The HP Color LaserJet 2500/4600 Toolbox is prone to a
directory-traversal vulnerability. This issue is due to a failure in
the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files
from the vulnerable system in the context of the affected application.
Information obtained may aid attackers in further attacks.
16. Kaffeine Remote HTTP_Peek Buffer Overflow Vulnerability
BugTraq ID: 17372
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17372
Summary:
Kaffeine is reportedly affected by a remote buffer-overflow
vulnerability. The problem presents itself due to insufficient boundary
checks on user-supplied strings prior to copying them into finite
stack-based buffers.
An attacker can leverage this issue remotely to execute arbitrary code
on an affected computer with the privileges of the unsuspecting user
who executed the vulnerable software.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. IPtables and C programming??
http://www.securityfocus.com/archive/91/429848
2. Systrace 1.6: Phoenix Release for Linux
http://www.securityfocus.com/archive/91/428672
V. SPONSOR INFORMATION
------------------------
Test your Network Security Free with QualysGuard
Requiring NO software, QualysGuard will safely and accurately test your
network and provide you with the necessary fixes to proactively guard
your network. Try QualysGuard Risk Free with No Obligation.
http://www.securityfocus.com/cgi-bin/ib.pl