Date: Tue, 11 Apr 2006 15:25:33 -0600
From: "Peter Laborge" <plaborge@securityfocus.com>
To: linux-secnews@securityfocus.com
Subject: SecurityFocus Linux Newsletter #281
SecurityFocus Linux Newsletter #281
----------------------------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack
Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a
hacker, giving them the ability to read, write and manipulate all data
stored in your backend systems! Download this *FREE* white paper from
SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000CGKl
------------------------------------------------------------------
I. FRONT AND CENTER
1. This Means Warcraft!
2. Two attacks against VoIP
II. LINUX VULNERABILITY SUMMARY
1. Util-VServer SUEXEC Privilege Escalation Weakness
2. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
3. MPG123 Malformed MP3 File Memory Corruption Vulnerability
4. HP Color LaserJet 2500/4600 Toolbox Directory Traversal
Vulnerability
5. Doomsday Multiple Remote Format String Vulnerabilities
6. Kaffeine Remote HTTP_Peek Buffer Overflow Vulnerability
7. Eset Software NOD32 Antivirus Local Arbitrary File Creation
Vulnerability
8. Clam AntiVirus ClamAV Multiple Vulnerabilities
9. OpenVPN Client Remote Code Execution Vulnerability
10. BSD-Games Multiple Local Buffer Overflow Vulnerabilities
11. Linux Kernel SYSFS PAGE_SIZE Local Denial of Service
Vulnerability
12. XZGV Image Viewer JPEG File Remote Heap Buffer Overflow
Vulnerability
13. Tony Cook Imager JPEG and TGA Images Denial Of Service
Vulnerability
14. TalentSoft Web+ Shop Deptname Parameter Cross-Site
Scripting Vulnerability
15. Linux Kernel __keyring_search_one Local Denial of Service
Vulnerability
III. LINUX FOCUS LIST SUMMARY
1. Syncing iptables rules between two servers
2. R: IPtables and C programming??
3. IPtables and C programming??
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. This Means Warcraft!
By Mark Rasch
A recent World of Warcraft case involved a WoW book by Brian Knopp that
was being sold on eBay. It resulted in automated takedown notices by
"lawyerbots" and shows how the legal process today can end up silencing
legitimate uses of trademarks and copyrights.
http://www.securityfocus.com/columnists/396
2. Two attacks against VoIP
By Peter Thermos
The purpose of this article is to discuss two of the best-known attacks
that can be carried out against current VoIP deployments. The first
attack demonstrates the ability to hijack a user's VoIP subscription and
the communications that follow. The second attack looks at the ability
to eavesdrop on VoIP communications.
http://www.securityfocus.com/infocus/1862
SecurityFocus is looking for the best technical articles from the
community. In addition to becoming instantly famous, publication of your
research, technical work, installation guide or security HOWTO will
benefit the community as a whole. Interested parties should consult the
submission guidelines below and review some recent Infocus articles. Start
with an idea and a one-page outline. Submit your article idea now!
http://www.securityfocus.com/static/submissions.html
II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. Util-VServer SUEXEC Privilege Escalation Weakness
BugTraq ID: 17361
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17361
Summary:
The util-vserver package for the Linux-VServer project is susceptible
to a privilege-escalation weakness.
A remote attacker who has already exploited a vulnerability in a service
running inside a guest may leverage this weakness to gain superuser
privileges in that guest virtual server. This may aid them in further
attacks.
2. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
BugTraq ID: 17362
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17362
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied
input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based authentication
credentials and launch other attacks.
3. MPG123 Malformed MP3 File Memory Corruption Vulnerability
BugTraq ID: 17365
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17365
Summary:
The mpg123 application is prone to a memory-corruption vulnerability
related to the handling of MP3 streams.
An attacker may be able to exploit this vulnerability to execute
arbitrary code in the context of the user running the player, but this has
not been confirmed.
This issue may be related to the one described in BID 12218 (MPG123
Layer 2 Frame Header Heap Overflow Vulnerability).
4. HP Color LaserJet 2500/4600 Toolbox Directory Traversal
Vulnerability
BugTraq ID: 17367
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17367
Summary:
The HP Color LaserJet 2500/4600 Toolbox is prone to a
directory-traversal vulnerability. This issue is due to a failure in the application to
properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files
from the vulnerable system in the context of the affected application.
Information obtained may aid attackers in further attacks.
5. Doomsday Multiple Remote Format String Vulnerabilities
BugTraq ID: 17369
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17369
Summary:
Doomsday is prone to multiple remote format-string vulnerabilities.
These issues are due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary code in the
context of the vulnerable application or crash the affected game server,
effectively denying service to legitimate users.
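The Doomsday entry (and the format-string issue listed for ClamAV in item 8) describes the classic mistake of letting peer-supplied text reach a printf-family function as the format argument. The following is an added illustration of that bug class and its fix, written for this newsletter; it is not Doomsday or ClamAV code, and the "chat line" scenario and function names are assumptions for the example:

```c
/* Illustrative example of the format-string bug class; not Doomsday code.
 * Scenario (assumed): a game server writes a player's chat line to its log. */
#include <stdio.h>
#include <string.h>

/* UNSAFE: the peer's text *is* the format string. Conversions such as
 * "%x" read stack words, "%s" dereferences them, and "%n" writes to
 * memory, so the peer gets a read/write primitive or a crash. */
int log_chat_unsafe(char *out, size_t outsz, const char *player_text) {
    return snprintf(out, outsz, player_text);   /* bug: no fixed format */
}

/* SAFE: a fixed, literal format; the untrusted text is only an argument,
 * so any '%' it contains is copied as data rather than interpreted. */
int log_chat_safe(char *out, size_t outsz, const char *player_text) {
    return snprintf(out, outsz, "%s", player_text);
}

/* Counts the conversion specifications an attacker's string would
 * trigger if it were ever used as a format ("%%" is a literal percent). */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Returns 1 if the safe path preserves the text byte-for-byte, i.e.
 * "%n" arrives in the log as two characters and not as a memory write. */
int safe_keeps_literal(const char *player_text) {
    char buf[256];
    log_chat_safe(buf, sizeof buf, player_text);
    return strcmp(buf, player_text) == 0;
}

/* Returns 1 if both variants produce the same log line. True only for
 * text without '%', which is why the bug stays latent until a hostile
 * peer sends a crafted line. Call this with benign text only. */
int both_agree_on(const char *benign_text) {
    char a[256], b[256];
    log_chat_unsafe(a, sizeof a, benign_text);
    log_chat_safe(b, sizeof b, benign_text);
    return strcmp(a, b) == 0;
}

int main(void) {
    const char *hostile = "%x.%x.%x.%n";            /* constructed sample */
    printf("conversions in hostile text: %d\n", count_conversions(hostile));
    printf("safe path keeps it literal: %d\n", safe_keeps_literal(hostile));
    printf("benign text agrees: %d\n", both_agree_on("gg wp"));
    return 0;
}
```

The audit check that follows from this: every printf-family call whose format argument is not a string literal is a finding until proven otherwise; compilers flag these with -Wformat-security.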
6. Kaffeine Remote HTTP_Peek Buffer Overflow Vulnerability
BugTraq ID: 17372
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17372
Summary:
Kaffeine is reportedly affected by a remote buffer-overflow
vulnerability because the application fails to perform sufficient
boundary checks on user-supplied strings before copying them into
fixed-size stack-based buffers.
A remote attacker can leverage this issue to execute arbitrary code on
an affected computer with the privileges of the user running the
vulnerable software.
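The Kaffeine entry describes a server-controlled string copied into a fixed-size stack buffer without a length check. As an added example for this newsletter (not Kaffeine or xine-lib code), the block below shows that pattern on a constructed HTTP "Location:" header next to the bounded version a media player should use; the 64-byte buffer size and the function names are assumptions:

```c
/* Illustrative example of the stack-overflow class; not Kaffeine code.
 * Scenario (assumed): a player reads an HTTP redirect target from a
 * server response into a fixed-size stack buffer. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LOC_MAX 64   /* assumed size of the on-stack Location buffer */

/* Returns a pointer to the value after "Location: ", or NULL. */
static const char *location_value(const char *line) {
    static const char prefix[] = "Location: ";
    if (strncmp(line, prefix, sizeof prefix - 1) != 0) return NULL;
    return line + sizeof prefix - 1;
}

/* UNSAFE: strcpy stops only at NUL, so a value longer than LOC_MAX-1
 * bytes overwrites whatever follows 'loc' on the stack (saved registers,
 * the return address). Kept for comparison; never feed it peer data. */
int follow_redirect_unsafe(const char *line) {
    char loc[LOC_MAX];
    const char *v = location_value(line);
    if (!v) return -1;
    strcpy(loc, v);                      /* bug: no length check */
    return (int)strlen(loc);
}

/* SAFE: measure first, refuse anything that would not fit, copy with an
 * explicit length and always NUL-terminate. Returns the copied length,
 * -1 if the line is not a Location header, -2 if the value is too long
 * (the caller should then abort the connection, not truncate). */
int follow_redirect_safe(const char *line, char *out, size_t outsz) {
    const char *v = location_value(line);
    if (!v) return -1;
    size_t n = strcspn(v, "\r\n");       /* value ends at CRLF */
    if (n >= outsz) return -2;           /* would overflow: refuse */
    memcpy(out, v, n);
    out[n] = '\0';
    return (int)n;
}

/* Convenience wrapper using the same fixed-size stack buffer. */
int try_redirect(const char *line) {
    char buf[LOC_MAX];
    return follow_redirect_safe(line, buf, sizeof buf);
}

/* Builds a constructed "Location: AAAA...\r\n" line whose value is
 * value_len bytes long and runs it through the safe path. */
int try_redirect_len(size_t value_len) {
    char line[LOC_MAX * 10 + 16];
    if (value_len > LOC_MAX * 10) return -3;
    memcpy(line, "Location: ", 10);
    memset(line + 10, 'A', value_len);
    memcpy(line + 10 + value_len, "\r\n", 3);   /* copies the NUL too */
    return try_redirect(line);
}

int main(void) {
    /* constructed sample lines */
    printf("ok   -> %d\n", try_redirect("Location: http://example.invalid/a\r\n"));
    printf("long -> %d\n", try_redirect_len(500));
    printf("other-> %d\n", try_redirect("HTTP/1.0 200 OK\r\n"));
    return 0;
}
```

Note that the safe version rejects an oversized value rather than silently truncating it: a truncated URL is still wrong input, and refusing is what keeps the bug class from turning into a logic bug elsewhere.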
7. Eset Software NOD32 Antivirus Local Arbitrary File Creation
Vulnerability
BugTraq ID: 17374
Remote: No
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17374
Summary:
NOD32 Antivirus is affected by a local arbitrary file-creation
vulnerability. This issue is due to the application's failure to properly drop
SYSTEM privileges when performing operations on behalf of a local user.
Attackers cannot overwrite already-existing files by exploiting this
issue.
This issue allows local attackers to create files in arbitrary
locations with SYSTEM-level privileges. This may allow them to execute
arbitrary code with elevated privileges, facilitating the compromise of
affected computers.
Versions prior to 2.51.26 are affected by this issue.
8. Clam AntiVirus ClamAV Multiple Vulnerabilities
BugTraq ID: 17388
Remote: Yes
Date Published: 2006-04-05
Relevant URL: http://www.securityfocus.com/bid/17388
Summary:
ClamAV is prone to multiple vulnerabilities:
- An integer-overflow vulnerability.
- A format-string vulnerability.
- A denial-of-service vulnerability.
The first two issues may permit attackers to execute arbitrary code,
which can facilitate a compromise of an affected computer.
If an attacker can successfully exploit the denial-of-service issue,
this may crash the affected application, which may aid an attacker in
further attacks if the antivirus software no longer works.
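The ClamAV entry lists an integer overflow among its issues. The typical shape in a file scanner is a length or count read from the file header that is multiplied to size a buffer; when the product wraps, a small buffer is allocated and the following copy overruns it. The block below is an added illustration of that class and of the two checks that close it (overflow-safe arithmetic and consistency with the bytes actually present); it is not ClamAV code, and the 16-byte record format, the 64 MiB cap and the function names are assumptions:

```c
/* Illustrative example of the integer-overflow class; not ClamAV code.
 * Scenario (assumed): a scanner parses a table whose 32-bit little-endian
 * entry count is followed by count * ENTRY_SIZE bytes of entries. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ENTRY_SIZE 16u                        /* assumed record size */
#define MAX_TABLE  (64u * 1024u * 1024u)      /* assumed sanity cap   */

typedef struct {
    size_t nentries;
    unsigned char *entries;
} table_t;

/* UNSAFE: 32-bit product wraps for count >= 2^28, e.g. 0x10000001
 * entries "need" 16 bytes. malloc(16) then a copy of count entries
 * is a heap overflow. */
uint32_t table_bytes_unsafe(uint32_t count) {
    return count * ENTRY_SIZE;
}

/* SAFE: test for wrap before multiplying, then apply a format cap.
 * Returns 1 and sets *out, or 0 if the count cannot be honest. */
int table_bytes_safe(uint32_t count, size_t *out) {
    if (count > SIZE_MAX / ENTRY_SIZE) return 0;   /* would wrap */
    size_t bytes = (size_t)count * ENTRY_SIZE;
    if (bytes > MAX_TABLE) return 0;               /* absurd size */
    *out = bytes;
    return 1;
}

/* SAFE parse: the header's count must also agree with the bytes that
 * are really in the file. Returns 1 on success; on any error returns 0
 * and leaves *t untouched. Caller frees t->entries. */
int parse_table(const unsigned char *data, size_t len, table_t *t) {
    if (len < 4) return 0;
    uint32_t count = (uint32_t)data[0] | (uint32_t)data[1] << 8 |
                     (uint32_t)data[2] << 16 | (uint32_t)data[3] << 24;
    size_t bytes;
    if (!table_bytes_safe(count, &bytes)) return 0;
    if (bytes > len - 4) return 0;        /* header claims more than exists */
    unsigned char *e = malloc(bytes ? bytes : 1);
    if (!e) return 0;
    memcpy(e, data + 4, bytes);
    t->nentries = count;
    t->entries = e;
    return 1;
}

/* Builds a constructed file: header with 'count', then payload_len
 * bytes of 0x41. Returns parse_table's result (or -1 if the request
 * does not fit the scratch buffer). */
int check_constructed(uint32_t count, size_t payload_len) {
    unsigned char data[4 + 64];
    if (payload_len > 64) return -1;
    data[0] = (unsigned char)(count & 0xff);
    data[1] = (unsigned char)((count >> 8) & 0xff);
    data[2] = (unsigned char)((count >> 16) & 0xff);
    data[3] = (unsigned char)((count >> 24) & 0xff);
    memset(data + 4, 0x41, payload_len);
    table_t t = {0, NULL};
    int ok = parse_table(data, 4 + payload_len, &t);
    free(t.entries);
    return ok;
}

int main(void) {
    printf("unsafe bytes for 0x10000001 entries: %u\n",
           table_bytes_unsafe(0x10000001u));      /* wraps to 16 */
    printf("safe parse, honest header: %d\n", check_constructed(2, 32));
    printf("safe parse, wrapped count: %d\n", check_constructed(0x10000001u, 32));
    return 0;
}
```

The second check in parse_table matters as much as the first: a count that survives the overflow test can still exceed the data available, and comparing against the real length catches both the wrap and a plain lie in the header.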
9. OpenVPN Client Remote Code Execution Vulnerability
BugTraq ID: 17392
Remote: Yes
Date Published: 2006-04-06
Relevant URL: http://www.securityfocus.com/bid/17392
Summary:
OpenVPN is reported prone to a remote code-execution vulnerability.
This issue is due to a lack of proper sanitization of server-supplied
data.
A remote attacker who controls, or has compromised, the server a client
connects to may exploit this issue to execute arbitrary code with
elevated privileges on the client and gain unauthorized access.
To be vulnerable to this issue, client OpenVPN computers must be
configured to use 'up' or 'down' scripts and must have either the 'pull'
configuration directive or a 'client' macro set up.
OpenVPN versions 2.0.0 through 2.0.5 are affected by this issue.
10. BSD-Games Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 17401
Remote: No
Date Published: 2006-04-06
Relevant URL: http://www.securityfocus.com/bid/17401
Summary:
Multiple games in the BSD-games package are prone to locally
exploitable buffer-overflow vulnerabilities. These issues are due to insufficient
bounds-checking when copying user-supplied input to insufficiently
sized memory buffers.
Since these games are installed 'setgid games' on many operating
systems, attackers may be able to exploit these issues to escalate privileges
to this level.
11. Linux Kernel SYSFS PAGE_SIZE Local Denial of Service Vulnerability
BugTraq ID: 17402
Remote: No
Date Published: 2006-04-07
Relevant URL: http://www.securityfocus.com/bid/17402
Summary:
The Linux kernel is susceptible to a local denial-of-service
vulnerability. The issue arises in SYSFS and allows local users to crash
the kernel, denying service to legitimate users.
Kernel versions from 2.6.12 up to, but not including, 2.6.17-rc1 are
affected.
12. XZGV Image Viewer JPEG File Remote Heap Buffer Overflow
Vulnerability
BugTraq ID: 17409
Remote: Yes
Date Published: 2006-04-07
Relevant URL: http://www.securityfocus.com/bid/17409
Summary:
The 'xzgv' viewer is reported prone to a remote heap-overflow
vulnerability.
This issue is reported to present itself when the application handles a
specially crafted JPEG image. A remote attacker may execute arbitrary
code in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
This issue affects 'xzgv' 0.8 and prior. The 'zgv' viewer may be
vulnerable to this issue as well, but this has not been confirmed.
13. Tony Cook Imager JPEG and TGA Images Denial Of Service
Vulnerability
BugTraq ID: 17415
Remote: Yes
Date Published: 2006-04-07
Relevant URL: http://www.securityfocus.com/bid/17415
Summary:
The Perl Imager module is susceptible to a denial-of-service
vulnerability. This issue is due to a failure of the software to properly handle
unexpected image data.
Malformed image files may cause a crash in applications that use the
affected Perl module, resulting in a denial-of-service condition.
14. TalentSoft Web+ Shop Deptname Parameter Cross-Site Scripting
Vulnerability
BugTraq ID: 17418
Remote: Yes
Date Published: 2006-04-07
Relevant URL: http://www.securityfocus.com/bid/17418
Summary:
Web+ Shop is prone to a cross-site scripting vulnerability. This issue
is due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based authentication
credentials and launch other attacks.
15. Linux Kernel __keyring_search_one Local Denial of Service
Vulnerability
BugTraq ID: 17451
Remote: No
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17451
Summary:
The Linux kernel is susceptible to a local denial-of-service vulnerability.
This vulnerability arises in the '__keyring_search_one' function. This
issue allows local users to crash the kernel, denying service to
legitimate users.
Kernel versions prior to 2.6.16.3 are vulnerable to this issue.
III. LINUX FOCUS LIST SUMMARY
---------------------------------
1. Syncing iptables rules between two servers
http://www.securityfocus.com/archive/91/430423
2. R: IPtables and C programming??
http://www.securityfocus.com/archive/91/430003
3. IPtables and C programming??
http://www.securityfocus.com/archive/91/429848
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack
Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a
hacker, giving them the ability to read, write and manipulate all data
stored in your backend systems! Download this *FREE* white paper from
SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000CGKl